Guys,
I am hoping to get some help here as I wasn't able to solve my problem myself,
neither by spending half a day on it, nor by finding it on the web/lists etc.
I have to admit this is the first time I am *not* using a Linux/iptables
box ...
We have a fairly simple setup:
SERVER ------- m0n0wall ------- CLIENT
where m0n0wall's interfaces belong to private networks; WAN=10.1.1.1,
LAN=192.168.1.254. In the above sketch, m0n0's _right_ interface is LAN, and
the _left_ interface is WAN. SERVER has 10.1.1.50, CLIENT is 192.168.1.1.
All I want to do is to have ssh access from the SERVER to the CLIENT (not the
'usual' other way around, pls. don't ask me why :) ). Dumb approach: I added
a rule for 'WAN' allowing ssh from SERVER to CLIENT. Doesn't work, so I
thought maybe I need to specify the reverse 'channel' separately. So I added
a LAN rule, allowing the accordant back connection from CLIENT to SERVER.
(btw: Is that the way to do it when not wanting NAT?)
And now there is a *really* strange behaviour: In the log I can see that all
packets can pass the firewall successfully, but the ones sent from the client
back to the server are blocked after ONE packet has already been transmitted
back to the server successfully. As if the 'stateful' information has been
lost in the middle of the connection.
I tried this with other protocols such as 80 and was able to reproduce it. The only
thing I could get working was ICMP from server to client.
Any ideas are really appreciated and donated with bows and hugs :)
And yes, I turned off this one option saying "Block private networks"... tried
with 1.11 - will try with the latest beta tomorrow.
Thanks,
Stephan