 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] LAN,WAN,OPT1 masq to device help
 Date:  Wed, 16 Feb 2005 14:17:42 -0500
321 Admin wrote:
> If interfaces are:
> LAN=sis0 is at address and desire all
> machines to pass thru to wi0
> WAN=wi0 is at address connects to cloud via bss,ssid
> and desire all to pass thru to cloud's access point that has its
> gw=
> OPT1=wi1 is at address access point with or without
> dhcp and desire to pass all to wi0
> So that WAN(wi0) bridges the network to get to the
> gateway at
> wi0 gets a default route .  ?
> Then on to accomplish the same end result as:
> masq from to dev wi0 # rule to let all packets pass
> LAN to WAN
> masq from to dev wi0 # rule to let all packets pass
> from OPT1 to WAN
> confused about how that will happen on this gui
> I tried a few times but must have looped something because all systems
> froze and needed a reboot.

First of all, if you are using a private network as per RFC 1918 (10/8,
172.16/12, 192.168/16) on the WAN, you should clear the checkbox
"Block private networks" on the WAN config page.

I assume that you:
A) do not want LAN to access OPT1
B) do not want OPT1 to access LAN
C) starting with factory default rules

The default firewall rule on the LAN interface should allow LAN to any
(WAN and OPT1). Edit the rule and change the destination to be *NOT*
(check the "not" box) OPT1 subnet (select "OPT1 subnet" in drop down).
The logic is allow traffic from LAN interface to anywhere except OPT1
subnet - i.e. rest of the world...

Then click the "Add rule based on this one" (the plus on the right of
the rule), change the interface to OPT1 and the destination to "LAN
subnet" (keep the "not" checked).

If my assumptions are wrong (you do want LAN to access OPT1) ignore
the "not" checkboxes and use "any" as the destination for the OPT1

James W. McKeand
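
Added example, not part of the original message and not m0n0wall code: a small Python model of the two rule sets described above, showing which flows the "not" destination rules pass and which fall through to the drop. The subnets and probe addresses are constructed (the thread's addresses are missing), and the model assumes each rule's source is set to the subnet of the interface it sits on.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed subnets: the addresses in the original post are missing.
SUBNETS = {
    "LAN": ip_network("192.168.1.0/24"),
    "OPT1": ip_network("192.168.2.0/24"),
}

@dataclass(frozen=True)
class PassRule:
    interface: str        # interface the packet arrives on
    source: str           # key of SUBNETS, or "any"
    dest: str             # key of SUBNETS, or "any"
    negate: bool = False  # the "not" checkbox on the destination

    def matches(self, iface: str, src: str, dst: str) -> bool:
        if iface != self.interface:
            return False
        if self.source != "any" and ip_address(src) not in SUBNETS[self.source]:
            return False
        if self.dest == "any":
            return not self.negate
        return (ip_address(dst) in SUBNETS[self.dest]) != self.negate

def allowed(rules, iface, src, dst):
    """Pass if any pass rule matches; otherwise the packet is dropped."""
    return any(rule.matches(iface, src, dst) for rule in rules)

# Rules from the reply: each interface may reach anything except the other subnet.
ISOLATED = [
    PassRule("LAN", "LAN", "OPT1", negate=True),
    PassRule("OPT1", "OPT1", "LAN", negate=True),
]
# The alternative from the last paragraph: destination "any", no "not".
OPEN = [PassRule("LAN", "LAN", "any"), PassRule("OPT1", "OPT1", "any")]

# Constructed probes: (arrival interface, source address, destination address).
PROBES = {
    "LAN->internet": ("LAN", "192.168.1.10", "198.51.100.7"),
    "LAN->OPT1": ("LAN", "192.168.1.10", "192.168.2.20"),
    "OPT1->internet": ("OPT1", "192.168.2.20", "198.51.100.7"),
    "OPT1->LAN": ("OPT1", "192.168.2.20", "192.168.1.10"),
}

def evaluate(rules):
    """Return {probe name: True if passed} for the constructed probes."""
    return {name: allowed(rules, *probe) for name, probe in PROBES.items()}
```

In this model, a rule placed on OPT1 whose source is still the LAN subnet matches none of the probes, so the source is worth checking on any copied rule.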