On Tue, 3 May 2005, Chris Buechler wrote:

> On 5/3/05, Robert Högberg <baggio at atari dot org> wrote:
> > Hi,
> >
> > I'm running a vpn between 2 m0n0walls. I searched the list archive to find
> > out whether it was possible to use fw-rules to restrict traffic even
> > if I use a tunnel. From what I read it said it should be possible to
> > restrict outgoing traffic on the lan interface.
> >
> > I've blocked traffic from 192.168.50.x (monowall 2) to 192.168.40.x
> > (monowall 1) but monowall 2 happily ignores the rules. And yes,
> > I am initiating traffic from behind monowall 1.
> >
>
> Is the rule above the default allow all rule? You have any static
> routes on the system? (they would be unnecessary and could mess up
> filtering)
>

The rule is the only one in the lan-section.
Yes, I have a bunch of static rules that need to be there because of
multiple subnets.

//Rob