 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] LAN and OPT interfaces don't route packets?
 Date:  Sun, 22 May 2005 18:51:12 -0400
On 5/22/05, Kresimir Petric (WeOnlyDo Software) <kreso3 at weonlydo dot com> wrote:
> I tried for quite some time to define OPT1 to allow me access to wireless
> network from my LAN, but not to allow OPT1 to access my WAN (internet
> pppoe). I had no luck. Seems that m0n0 just isn't set up to allow packets
> between LAN and OPT interfaces. I can ping OPT interface from within m0n0
> box, but not from LAN. There are few tutorials that explain how to set up
> OPT->WAN, but not LAN->OPT.
> Anyway, my LAN is, and OPT is . By default,
> m0n0 creates these ipnat rules:

Changing NAT isn't what you want nor need to accomplish this.  All
you need to get from LAN to OPT is rules permitting that traffic (the
default allow to any is fine for LAN to OPT).  To get from OPT to LAN
only, you also just need a rule to permit traffic to your LAN subnet
and deny everything else.

If you really want to get rid of the NAT entry (though I wouldn't mess
with it since it isn't necessary), enable advanced outbound NAT and
only put in a rule for your LAN to the internet.  You don't want any
NAT on sis1, since your WAN interface is really ng0 (PPPoE), not the
physical interface.
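
The rule logic described in the reply above, as an added example that is not part of the original message or of m0n0wall's own code: a small first-match evaluator over per-interface rules, showing which new connections pass with the default LAN rule plus an OPT rule set of "permit to LAN subnet, deny everything else". The subnets, the interface label `OPT1` in the table, and the names `RULES`, `decide` and `demo` are assumptions made for illustration, since the poster's addresses are not shown.

```python
import ipaddress

# Constructed addressing: the original post's subnets are not shown on the page.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN subnet
OPT_NET = ipaddress.ip_network("192.168.2.0/24")   # assumed OPT1 (wireless) subnet
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules belong to the interface a connection arrives on and are checked
# top to bottom; the first match decides. No match at all means block.
RULES = {
    "LAN": [("pass", LAN_NET, ANY)],          # default "allow LAN to any"
    "OPT1": [("pass", OPT_NET, LAN_NET),      # wireless may reach the LAN subnet
             ("block", ANY, ANY)],            # and nothing else
}

def decide(in_iface, src, dst):
    """Return 'pass' or 'block' for a new connection entering in_iface."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in RULES.get(in_iface, []):
        if s in src_net and d in dst_net:
            return action
    return "block"  # implicit default deny

def demo():
    """Evaluate the four flows the thread is concerned with."""
    cases = [
        ("LAN", "192.168.1.10", "192.168.2.20"),   # LAN host -> wireless host
        ("OPT1", "192.168.2.20", "192.168.1.10"),  # wireless host -> LAN host
        ("OPT1", "192.168.2.20", "203.0.113.5"),   # wireless host -> internet
        ("LAN", "192.168.1.10", "203.0.113.5"),    # LAN host -> internet
    ]
    return [(c, decide(*c)) for c in cases]

if __name__ == "__main__":
    for (iface, src, dst), verdict in demo():
        print(f"{iface:5} {src:>13} -> {dst:<13} {verdict}")
```

None of these decisions involves NAT: whether a LAN-to-OPT connection is allowed depends only on the filter rules of the interface it enters on.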