 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Firewall is not working
 Date:  Thu, 3 Feb 2005 08:30:33 -0500
Jordan T. wrote:
> Hello list,
> 
> I have tried to search for this problem on the lists & documentation
> pages but cannot find anything relating to it.
> 
> I'm using m0n0wall on a Motium NPA-100
> (http://www.motium.com/products/npa/index.html) which is a mini PC
> made for the PoS/kiosk/network application market, they call it
> embedded but it uses entirely x86 PC hardware.
> 
> My problem is I cannot get firewalling to work, I've setup two rules
> on the LAN interface to block all ICMP and TCP from a certain host,
> but neither seems to be working, I can ping the device from any host
> on the LAN and connect to the web server from the host that is meant
> to be firewalled (10.0.2.5).
> 
> I have attached my config.xml, screenshots of the firewall page, and
> exec.php executing "ipfstat -hnio" are available from
> http://www.omgwtfbbq.com.au/firewall_rules.jpg and
> http://www.omgwtfbbq.com.au/exec-ipfstat-hnio.jpg
> (I couldn't attach them because there's a 30k message size limit)
> 
> I have played with the order of the rules and rebooted the device
> several times but it doesn't make any difference.
> 
> Thanks in advance for any help given,
> 
> Jordan.

Where does the host live? WAN, DMZ, LAN? If it lives on the LAN you
will not be able to block traffic from another LAN client. But, I
don't think this is the case.

You should create a rule with a source of LAN net and destination of
10.0.2.5... The second rule on your m0n0 would be translated as block
packets from 10.0.2.5 going anywhere. Not block packets from anywhere
going to 10.0.2.5 as I think you may think.

Also, the ICMP rule on your WAN is not necessary.

I am sending this from my hotel room at Disney. I will not have
internet access again until Friday night.

_________________________________
James W. McKeand
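
The source/destination distinction from the reply above, as an added example that is not part of the original message or of m0n0wall itself: a small rule evaluator for packets sent by LAN clients. Only 10.0.2.5 comes from the thread; the subnets, the other addresses and first-match evaluation are assumptions.

```python
import ipaddress
from dataclasses import dataclass

net = ipaddress.ip_network
ANY = net("0.0.0.0/0")
HOST = net("10.0.2.5/32")   # the only address taken from the thread

@dataclass(frozen=True)
class Rule:
    action: str                      # "block" or "pass"
    proto: str                       # "icmp", "tcp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def verdict(rules, lan_net, proto, src, dst, default="block"):
    """Decide what happens to a packet sent by a LAN client.

    Assumptions: rules are checked in order and the first match wins;
    traffic addressed to the firewall itself is not modelled.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in lan_net and d in lan_net:
        # Same segment: delivered directly between the hosts, so no rule
        # on the firewall ever sees it.
        return "not filtered"
    for r in rules:
        if r.proto in ("any", proto) and s in r.src and d in r.dst:
            return r.action
    return default

def from_host_rules(lan_net):
    # "block packets from 10.0.2.5 going anywhere"
    return [Rule("block", "icmp", HOST, ANY), Rule("block", "tcp", HOST, ANY),
            Rule("pass", "any", lan_net, ANY)]

def to_host_rules(lan_net):
    # "block packets from LAN net going to 10.0.2.5"
    return [Rule("block", "any", lan_net, HOST), Rule("pass", "any", lan_net, ANY)]

if __name__ == "__main__":
    same = net("10.0.2.0/24")    # constructed: 10.0.2.5 is itself a LAN client
    other = net("10.0.1.0/24")   # constructed: 10.0.2.5 is behind another interface
    print(verdict(from_host_rules(same), same, "icmp", "10.0.2.5", "192.0.2.10"))
    print(verdict(from_host_rules(same), same, "tcp", "10.0.2.20", "10.0.2.5"))
    print(verdict(from_host_rules(other), other, "tcp", "10.0.1.20", "10.0.2.5"))
    print(verdict(to_host_rules(other), other, "tcp", "10.0.1.20", "10.0.2.5"))
```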