 From:  Jackey Wall <jackeywall at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: WAN<>OPT Bridge and Traffic Shaper Rules
 Date:  Sat, 30 Apr 2005 11:08:33 -0500
I have been monitoring the list for some time now for remedies to a
particular problem with m0n0wall 1.2b7 on CDROM/PC and on Soekris
installs.

The setup is that I have two subnets 65.xxx.88.0/23 and
68.xxx.108.0/22 connected to OPT, which is bridged to WAN, which in
turn has an IP address of 68.xxx.108.XXX/22. Traffic will pass through
the bridge as expected for both 65.xxx.88.0/23 and 68.xxx.108.0/22
when the Traffic Shaper Rules are off. However, turning on the Traffic
Shaper Rules will cause traffic from 65.xxx.88.0/23 to not be allowed
to pass through the bridge.

I understand that the root cause of this issue is an anti spoofing
rule being applied to 65.xxx.88.0/23 as m0n0wall does not know about
the 65.xxx.88.0/23 network.

Now, I have seen several posts concerning this issue (from 
Jesse Guardiani and Chris Buechler). One remedy was to hand edit the
config.xml file and remove the WAN IP address, which would indirectly
fix the issue by causing the anti spoofing rule to not be generated.
However, the "suggested fix" was to add a static route for the subnet
not passing through the bridge, to the DMZ port, or in this case, the
OPT port. In the latter case, m0n0wall would know about the
65.xxx.88.0/23 network and not build an anti spoofing rule for that
address space.

I have tried both suggestions with no luck. 

Jesse Guardiani and Chris Buechler, you all seem to have figured out
the issue described above and were successful in implementing a fix
(removing the WAN IP or adding a static route). Can either of you add
suggestions or pointers on what I should be looking for to
successfully implement a workaround?

Thank you for your consideration!
-- 
Best regards,

Jackey Wall
(601) 914-6782 Office
(425) 663-2277 Fax