Hi everybody,

I run m0n0wall 1.2b3 on a Soekris 4801, this is my scenario:

WAN : static IP
LAN : 192.168.100.100/24
OPT1: 192.168.101.100/24

DHCP is activated both for LAN and OPT1, no interface is bridged, filtering bridge is off, captive Portal not activated. (Btw: Captive Portal works fine and exactly like expected).

Intended goal: forbid any traffic from OPT1 (WLAN) to LAN.

I go to "Firewall" click on tab "OPT1" and delete every rule. My client on OPT1 has IP 192.168.101.99, no traffic is possible to anywhere. That's quite expected and okay. Just in case I rebooted the Soekris.

Now I insert one single rule on OPT1:

Action: Pass, Interface: OPT1, Protocol: AH, Source: any, Destination: NOT LAN subnet

I do not click "apply" yet, still no traffic possible (as expected). After "apply" I can do this with client 192.168.101.99 on OPT1:

"net view 192.168.100.111" with correct answers
"ping 192.168.100.4" with correct answers
"http://192.168.100.4" in browser and see the homepage

Why is this working? The only thing not working is DNS, I cannot address the LAN machines with their names.

I also tried to replace the destination "not LAN subnet" by "not network 192.168.100.0/24", same effects :-(

Please advise. If helpful, I am happy to provide status.php, etc.

TIA
Frederick