 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Vpn tunnel and fw-rules
 Date:  Wed, 4 May 2005 16:21:30 -0400
On 5/4/05, Robert Högberg <baggio at atari dot org> wrote:
> > >
> > > I've blocked traffic from 192.168.50.x (monowall 2) to 192.168.40.x
> > > (monowall 1) but monowall 2 happily ignores the rules. And yes,
> > > I am initiating traffic from behind monowall 1.
> > >
> >
> > Is the rule above the default allow all rule?  You have any static
> > routes on the system?  (they would be unnecessary and could mess up
> > filtering)
> >
> The rule is the only one in the LAN section. Yes, I have a bunch of
> static rules that need to be there because of multiple subnets.

Wait, from the sounds of the above, you put the rules on the wrong
side.  Only outbound traffic destined for the opposite side gets
filtered.  i.e. if you have site A with and site B
with, to block traffic from 50.x to 40.x, you need a
rule on m0n0 A to do that.

The static routes aren't necessary and can mess things up if you're
entering them for subnets that are directly connected to m0n0wall
either through VPN or any local interface.