 
 From:  "Kresimir Petric (WeOnlyDo Software)" <kreso3 at weonlydo dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] LAN and OPT interfaces don't route packets?
 Date:  Mon, 23 May 2005 10:58:20 +0200
Chris,

>Changing NAT isn't what you want nor need to accomplish this.  All
>you need to get from LAN to OPT is rules permitting that traffic (the

I tried that, in both directions, with all possible rules I could think of. 
I even set up a rule that allows everything from everywhere, but it didn't help.

>default allow to any is fine for LAN to OPT).  To get from OPT to LAN
>only, you also just need a rule to permit traffic to your LAN subnet
>and deny everything else.

Yes, I thought that would be OK, but it's not; it doesn't help. I put the XML 
config of all rules at the bottom of this email. 'wireless' is 'opt1'. Those 
are one of the possibilities; I tried many, many, many of them.

>If you really want to get rid of the NAT entry (though I wouldn't mess
>with it since it isn't necessary), enable advanced outbound NAT and
>only put in a rule for your LAN to the internet.  You don't want any
>NAT on sis1, since your WAN interface is really ng0 (PPPoE), not the
>physical interface.

I didn't set that one for ng0, it was there by default. sis1 is OPT, not 
WAN. I changed the etc/inc/filter.php file so it dumps the settings for ipnat to 
/tmp and then uses them; that way I can play with them. I have shown the default 
rule settings for ipnat, and there were 2 entries for ng0 for both networks - 
that would allow both LAN and OPT1 to use WAN, but that's not what I want, 
so I removed it.

BTW, I tried enabling outbound NAT, and I got what I wanted - my traffic was 
going to OPT1, but then WAN stopped working completely.

I would be happy to send the complete config XML file if you have a similar 
environment to mine that you can test with.

Thanks again,
Kreso
--- rules:
  <rule>
   <type>pass</type>
   <interface>opt1</interface>
   <source>
    <network>lan</network>
   </source>
   <destination>
    <network>opt1</network>
   </destination>
   <descr>WIRELESS -&gt; Any</descr>
  </rule>
  <rule>
   <type>pass</type>
   <interface>opt1</interface>
   <source>
    <network>opt1</network>
   </source>
   <destination>
    <network>lan</network>
   </destination>
   <log/>
   <descr/>
  </rule>
  <rule>
   <type>pass</type>
   <interface>lan</interface>
   <source>
    <any/>
   </source>
   <destination>
    <any/>
   </destination>
   <descr>Default LAN -&gt; any</descr>
  </rule>
  <rule>
   <type>pass</type>
   <interface>lan</interface>
   <source>
    <network>lan</network>
   </source>
   <destination>
    <network>opt1</network>
   </destination>
   <log/>
   <descr>Default LAN -&gt; Wireless</descr>
  </rule>
  <rule>
   <type>pass</type>
   <interface>lan</interface>
   <protocol>tcp</protocol>
   <source>
    <network>opt1</network>
   </source>
   <destination>
    <network>lan</network>
   </destination>
   <descr/>
  </rule>
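The rule list above contains entries bound to one interface whose source is the other interface's network (for example a rule on opt1 with source "lan"). As an added example, not part of this thread or of m0n0wall itself, here is a small Python linter that parses a m0n0wall-style `<rule>` list and flags two things: rules that can never match because their source network is not the interface they are bound to, and pass rules from any source to any destination, which make every more specific rule on that interface moot. It assumes m0n0wall's documented behaviour that a rule is evaluated only for traffic entering the interface named in `<interface>`; the `<filter>` wrapper around the posted rules is constructed so the fragment parses as one document, and the function names are this example's own.

```python
"""Lint m0n0wall firewall <rule> entries for two common mistakes.

Assumption (m0n0wall's documented behaviour): a rule is evaluated only for
traffic *entering* the interface named in <interface>.  A rule on opt1 whose
<source> is the LAN network can therefore never match, because LAN hosts'
packets enter the firewall on the LAN interface, not on opt1.
"""
import xml.etree.ElementTree as ET

# Constructed sample: the five <rule> entries posted in the message above,
# wrapped in a <filter> root so the fragment parses as a single XML document.
SAMPLE_RULES = """<filter>
  <rule>
   <type>pass</type>
   <interface>opt1</interface>
   <source><network>lan</network></source>
   <destination><network>opt1</network></destination>
   <descr>WIRELESS -&gt; Any</descr>
  </rule>
  <rule>
   <type>pass</type>
   <interface>opt1</interface>
   <source><network>opt1</network></source>
   <destination><network>lan</network></destination>
   <log/>
   <descr/>
  </rule>
  <rule>
   <type>pass</type>
   <interface>lan</interface>
   <source><any/></source>
   <destination><any/></destination>
   <descr>Default LAN -&gt; any</descr>
  </rule>
  <rule>
   <type>pass</type>
   <interface>lan</interface>
   <source><network>lan</network></source>
   <destination><network>opt1</network></destination>
   <log/>
   <descr>Default LAN -&gt; Wireless</descr>
  </rule>
  <rule>
   <type>pass</type>
   <interface>lan</interface>
   <protocol>tcp</protocol>
   <source><network>opt1</network></source>
   <destination><network>lan</network></destination>
   <descr/>
  </rule>
</filter>"""


def endpoint(rule, tag):
    """Classify a <source> or <destination> element of one <rule>.

    Returns ("any", None), ("network", "<ifname>"), ("address", "<ip>") or
    ("unknown", None) when the element uses a form this linter does not model.
    """
    node = rule.find(tag)
    if node is None or node.find("any") is not None:
        return ("any", None)
    for kind in ("network", "address"):
        child = node.find(kind)
        if child is not None:
            return (kind, (child.text or "").strip())
    return ("unknown", None)


def lint_rules(xml_text):
    """Return a list of (rule_index, finding_code, message) tuples.

    Finding codes:
      unreachable - the source network belongs to a different interface than
                    the one the rule is bound to, so no packet can match it
      permissive  - a pass rule from any source to any destination
    """
    root = ET.fromstring(xml_text)
    findings = []
    for idx, rule in enumerate(root.findall("rule"), start=1):
        iface = (rule.findtext("interface") or "").strip()
        rtype = (rule.findtext("type") or "").strip()
        descr = (rule.findtext("descr") or "").strip() or "(no description)"
        src_kind, src = endpoint(rule, "source")
        dst_kind, _dst = endpoint(rule, "destination")

        # Placement check: traffic from network X only enters on interface X.
        if src_kind == "network" and src != iface:
            findings.append((idx, "unreachable",
                f"rule {idx} '{descr}' is bound to {iface} but its source is "
                f"the {src} network; traffic from {src} never enters on {iface}"))
        # Scope check: an any -> any pass hides everything below it.
        if rtype == "pass" and src_kind == "any" and dst_kind == "any":
            findings.append((idx, "permissive",
                f"rule {idx} '{descr}' on {iface} passes any -> any"))
    return findings


if __name__ == "__main__":
    for _idx, code, msg in lint_rules(SAMPLE_RULES):
        print(f"[{code}] {msg}")
```

Run against the posted list it reports rules 1 and 5 as unreachable and rule 3 as the any-to-any pass; rules 2 and 4 are the only ones that can actually carry OPT1-to-LAN and LAN-to-OPT1 traffic. The linter only looks at rule placement; it says nothing about the ipnat side of the thread, and a `<network>` value that is not an interface name (such as a VPN network) would need its own mapping before the placement check is meaningful.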