[ previous ] [ next ] [ threads ]
 
 From:  "Ulrik Lunddahl" <ul at proconsult dot dk>
 To:  "James W. McKeand" <james at mckeand dot biz>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  SV: [m0n0wall] unable to block LAN from OPT1
 Date:  Thu, 16 Dec 2004 20:23:36 +0100
James W. McKeand wrote:

> If my assumption about the Alias is true. You could also go the other
direction and assign
> a /23 subnet to the network alias. Then you could still use a /24 on
the PROJ# subnets.

I think you are right here, but i wanted this:

1. Allow LAN -> WAN
2. Allow OPT1 -> WAN
3. Allow OPT2 -> WAN
4. Deny all

As i can see your solution allows trafic between OPT1 and OPT2, right ?

I can make a rule like Allow * * from LAN to OPT1, but why can't i make
an Allow * * from LAN to WAN ? Is there any technical reason for this ?


Best regards
Ulrik Lunddahl