I run m0n0wall 1.2b3 on a Soekris 4801. This is my scenario:
WAN : static IP
LAN : 192.168.100.100/24
DHCP is activated both for LAN and OPT1, no interface is bridged,
filtering bridge is off, Captive Portal is not activated. (Btw: Captive
Portal works fine and exactly as expected.)
Intended goal: forbid any traffic from OPT1 (WLAN) to LAN.
I go to "Firewall" click on tab "OPT1" and delete every rule. My
client on OPT1 has IP 192.168.101.99, no traffic is possible to anywhere.
That's quite expected and okay. Just in case I rebooted the Soekris.
Now I insert one single rule on OPT1:
Action: Pass, Interface: OPT1, Protocol: AH, Source: any,
Destination: NOT LAN subnet
I do not click "apply" yet, still no traffic possible (as expected).
After "apply" I can do this with client 192.168.101.99 on OPT1:
"net view 192.168.100.111" with correct answers
"ping 192.168.100.4" with correct answers
"http://192.168.100.4" in browser and see the homepage
Why is this working? The only thing not working is DNS: I cannot
address the LAN machines by their names. I also tried to replace
the destination "not LAN subnet" with "not network 192.168.100.0/24",
with the same effect :-(
Please advise. If helpful, I am happy to provide status.php, etc.