 From:  "Anastasija Bosiha" <anastasija dot bosiha at gmail dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  default firewall rule
 Date:  Mon, 23 May 2005 14:08:13 +0300
Hello to All!

For about 1 month I have been using m0n0wall, and I had the following problem. Our LAN
(192.168.2.0/24) has two gateways/routers:
- one for the Internet (192.168.2.253)
- a second (192.168.254) for tunneling to another office. The second office has
LAN: 10.2.2.0/16.

I------------------I ---- 192.168.2.254 (m0n0wall)
I (192.168.2.0/24) I                               I -------------I
I------------------I ---- 192.168.2.253 -----------I 10.2.2.0/24  I
                                                   I -------------I
All computers in the 192.168.2.0/24 network have 192.168.2.254 as their default
router.
192.168.2.254 has a static route for the 10.2.2.0/24 network to the 192.168.2.253
router.

So the problems are the following:
1. Computers from the 10.2.2.0/16 network cannot access 192.168.2.0/24
network resources. For example, computer 10.2.2.5 tries to connect to
computer 192.168.2.6. When the 192.168.2.6 computer receives a packet from the 10.2.2.5
computer, it sends the reply through 192.168.2.254, and m0n0wall blocks this packet
because of default firewall rule 19:

@18 skip 1 in proto tcp from any to any flags S/FSRA
@19 block in log quick proto tcp from any to any

How can I modify the default firewall ruleset or make the 10.2.2.0/16 network a
trusted network, so that packets from this network will never be blocked?

2. If Windows XP SP2 is installed on a computer in the 192.168.2.0/16 network
and the Windows firewall is on, then this computer cannot access 10.2.2.0/16
network resources.
But I think that this problem will be solved as soon as I solve the
first problem.

Anastasija
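As an added example (not part of the original post or of m0n0wall itself), the following Python model shows how ipfilter evaluates the two quoted rules, and why a reply that reaches m0n0wall when the SYN of its connection went around m0n0wall via 192.168.2.253 falls through to rule 19. It assumes the rules after @19 are m0n0wall's usual "pass ... keep state" LAN rules, and that the state table is consulted before the rule list.

```python
# Added example, not part of the original post: a toy model of how ipfilter
# evaluates the two quoted m0n0wall rules. Assumption: the rules after @19
# are the normal "pass ... keep state" LAN rules, and the state table is
# checked before the rule list (as ipfilter does).
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: str  # TCP flag letters that are set, e.g. "S", "SA", "A"


def flags_match(flags: str, want: str, mask: str) -> bool:
    """ipfilter 'flags want/mask': every flag named in mask must be set
    exactly as in want; flags outside the mask are ignored."""
    return all((f in flags) == (f in want) for f in mask)


class Firewall:
    def __init__(self):
        self.state = set()  # (src, dst) flows for which a SYN created state

    def inbound(self, pkt: Packet) -> str:
        # Packets of an already-established flow never reach rule @19.
        if (pkt.src, pkt.dst) in self.state or (pkt.dst, pkt.src) in self.state:
            return "pass (state)"
        # @18 skip 1 in proto tcp from any to any flags S/FSRA
        if not flags_match(pkt.flags, "S", "FSRA"):
            # @19 block in log quick proto tcp from any to any
            return "block (rule 19)"
        # Only a bare SYN gets past @19: assumed "pass keep state" LAN rule.
        self.state.add((pkt.src, pkt.dst))
        return "pass (new state)"


def asymmetric_reply() -> str:
    """The SYN from 10.2.2.5 to 192.168.2.6 went via 192.168.2.253 and never
    crossed m0n0wall; only the SYN-ACK reply from 192.168.2.6 reaches it."""
    fw = Firewall()
    return fw.inbound(Packet("192.168.2.6", "10.2.2.5", "SA"))


def symmetric_flow() -> list:
    """Flow whose SYN did cross m0n0wall: later packets match the state."""
    fw = Firewall()
    return [fw.inbound(Packet("192.168.2.6", "10.2.2.5", "S")),
            fw.inbound(Packet("192.168.2.6", "10.2.2.5", "A"))]
```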