 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Firewall is not working
 Date:  Thu, 3 Feb 2005 08:30:33 -0500
Jordan T. wrote:
> Hello list,
> I have tried to search for this problem on the lists & documentation
> pages but cannot find anything relating to it.
> I'm using m0n0wall on a Motium NPA-100
> (http://www.motium.com/products/npa/index.html) which is a mini PC
> made for the PoS/kiosk/network application market, they call it
> embedded but it uses entirely x86 PC hardware.
> My problem is I cannot get firewalling to work, I've set up two rules
> on the LAN interface to block all ICMP and TCP from a certain host,
> but neither seems to be working, I can ping the device from any host
> on the LAN and connect to the web server from the host that is meant
> to be firewalled (
> I have attached my config.xml, screenshots of the firewall page, and
> exec.php executing "ipfstat -hnio" are available from
> http://www.omgwtfbbq.com.au/firewall_rules.jpg and
> http://www.omgwtfbbq.com.au/exec-ipfstat-hnio.jpg
> (I couldn't attach them because there's a 30k message size limit)
> I have played with the order of the rules and rebooted the device
> several times but it doesn't make any difference.
> Thanks in advance for any help given,
> Jordan.

Where does the host live? WAN, DMZ, LAN? If it lives on the LAN you
will not be able to block traffic from another LAN client. But, I
don't think this is the case.

You should create a rule with a source of LAN net and destination of The second rule on your m0n0 would be translated as block
packets from going anywhere. Not block packets from anywhere
going to as I think you may think.

Also, the ICMP rule on your WAN is not necessary.

I am sending this from my hotel room at Disney. I will not have
internet access again until Friday night.

James W. McKeand