 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  jesse at wingnet dot net
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: M0n0wall v1.2b3 in Bridge Mode
 Date:  Tue, 8 Feb 2005 23:07:06 -0500
On Tue, 08 Feb 2005 22:21:46 -0500, Jesse Guardiani <jesse at wingnet dot net> wrote:
>    Why would you want an IP-less bridge? I couldn't get my bridge to be
>     completely transparent with an IP on the WAN interface. The bridge
>     wouldn't pass traffic outside the WAN's subnet. This was a problem
>     for me because I have multiple subnets attached to the bridge. The
>     workaround is fairly simple, but I think this deserves some sort of
>     GUI solution.

The bridge should be completely transparent, i.e. will forward
anything so long as it matches your rule set.  Maybe a firewall rule
put in by the back end is somehow messing with it?  Did you check
status.php to see which rule is dropping the traffic (assuming it's
getting dropped) and find the rule number?

> 2.) Anti spoofing rules are preventing me from managing my bridged
>     m0n0wall from outside the LAN interface's subnet. See this thread
>     for more info:

That's not a bug, it's a design decision.  If your LAN interface
actually was a LAN interface, that wouldn't be an issue.  m0n0wall
doesn't allow outbound traffic from networks it doesn't know about. 
If you add a static route on the LAN interface, it changes that rule
to allow traffic from that network that it has a route for.  There's
no reason for it to accept traffic it doesn't know how to return.

The way to resolve this is to figure out why you can't put an IP on
your WAN, then this becomes a non-issue.

> 3.) WAN interface sometimes steals packets from LAN interface when LAN
>     is used for management and OPT1 is bridged with WAN. See this post
>     for details:

I'm sure that's a limitation from having the LAN plugged in where it
shouldn't be.

Can you send some more info on the first problem?  Then the others
should go away, if we can fix that.