Hi and greetings to everyone. I've gone ahead and set up a m0n0wall
firewall at work with a NATed LAN -> WAN. It works ok and I've got
rules set up to block out the nasty stuff.
What I'm having a problem doing (if it's even possible) is setting up a
different subnet on OPT1 that can communicate with LAN but have nothing
go out the WAN. Perhaps this drawing might help:
   test    | OPT1  +--------+  WAN |     net
 network   +-------|m0n0wall|------| connection
           |       +--------+      |
           |           |           |
Making the following assumptions:
WAN is 192.168.0.55
LAN is 172.16.33.1
OPT1 is 172.16.34.1
Nothing from OPT1 should go out to the WAN. Ports 137-139 are allowed
between OPT1 and LAN. LAN is NATed. I'm getting a bit confused in
trying to set this up. Since LAN is NATed - and after reading the
ipfilter FAQ - should rules on OPT1 be set up to allow from network
192.168.0.55 or 172.16.33.1? IPFilter supposedly does NAT translation
once a packet passes through the interface. THEN it does the rule handling.
Has anybody else tried this?
In case it helps, I'm trying to set up a test network for the
engineering group. They're playing with some devices that occasionally
have the same MAC address or try to take over some IP addresses. I just
want to give them their own little network so it doesn't break our
production network. Oh yeah, we need to access the Windows shares on
Any help is appreciated...
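The OPT1 policy the post describes, as an added worked example that is not part of the original message or of m0n0wall itself: a small first-match rule evaluator, with the OPT1 rule set written against the untranslated LAN and OPT1 addresses (m0n0wall applies outbound NAT on the WAN interface, so rules bound to OPT1 see the 172.16.x.x addresses, not the WAN address). The /24 masks, the sample hosts and the 198.51.100.7 documentation address are assumptions; the post only gives the interface addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Subnets are an assumption: the post gives only the interface addresses
# (LAN 172.16.33.1, OPT1 172.16.34.1); /24 masks are assumed here.
LAN_NET = ipaddress.ip_network("172.16.33.0/24")
OPT1_NET = ipaddress.ip_network("172.16.34.0/24")
ANY_NET = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    iface: str                         # interface the packet enters on
    action: str                        # "pass" or "block"
    proto: str                         # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dports: Optional[Tuple[int, int]]  # inclusive destination port range, None = any port


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


# Rule set for the OPT1 interface, in the order it would be entered in the
# m0n0wall GUI. Addresses are the untranslated OPT1/LAN addresses: outbound
# NAT happens on the WAN interface, so OPT1 rules never see 192.168.0.55.
OPT1_RULES = [
    Rule("opt1", "pass", "tcp", OPT1_NET, LAN_NET, (137, 139)),  # NetBIOS session
    Rule("opt1", "pass", "udp", OPT1_NET, LAN_NET, (137, 139)),  # NetBIOS name/datagram
    Rule("opt1", "block", "any", OPT1_NET, ANY_NET, None),       # everything else, WAN included
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    if rule.iface != pkt.iface:
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if pkt.src not in rule.src or pkt.dst not in rule.dst:
        return False
    if rule.dports is not None:
        lo, hi = rule.dports
        if not lo <= pkt.dport <= hi:
            return False
    return True


def evaluate(rules, pkt: Packet) -> str:
    """First matching rule wins (m0n0wall semantics); no match means block."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"


def check(iface: str, proto: str, src: str, dst: str, dport: int) -> str:
    """Evaluate one constructed packet against OPT1_RULES; returns 'pass' or 'block'."""
    pkt = Packet(iface, proto, ipaddress.ip_address(src), ipaddress.ip_address(dst), dport)
    return evaluate(OPT1_RULES, pkt)


if __name__ == "__main__":
    # Constructed sample packets; 198.51.100.7 is a documentation address
    # standing in for an Internet host.
    samples = [
        ("opt1", "tcp", "172.16.34.10", "172.16.33.20", 139),   # share access to LAN: pass
        ("opt1", "udp", "172.16.34.10", "172.16.33.20", 137),   # NetBIOS name lookup: pass
        ("opt1", "tcp", "172.16.34.10", "172.16.33.20", 445),   # SMB over 445 not allowed: block
        ("opt1", "tcp", "172.16.34.10", "192.168.0.1", 80),     # toward the WAN segment: block
        ("opt1", "tcp", "172.16.34.10", "198.51.100.7", 443),   # Internet: block
        ("opt1", "tcp", "192.168.0.55", "172.16.33.20", 139),   # WAN source seen on OPT1: block
    ]
    for s in samples:
        print(f"{s[1]} {s[2]} -> {s[3]}:{s[4]} on {s[0]}: {check(*s)}")
```

Two things the samples make visible: a rule written for source 192.168.0.55 on OPT1 would never match real test-network traffic, and the allow list as stated (137-139 only) does not cover SMB over TCP 445, which newer Windows hosts use for shares alongside the NetBIOS ports.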