 From:  "Anastasija Bosiha" <anastasija dot bosiha at gmail dot com>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] default firewall rule
 Date:  Tue, 24 May 2005 13:34:05 +0300
I have a static route on m0n0wall (

Is it not enough?

Packets are dropped because they have no start. And really: start packets go
directly from the router to any computer in the LAN
(, and then reply packets go through another router
(m0n0wall,, which drops them, because they have no start.
So packets are analyzed at first, and only then routed to another router.


----- Original Message ----- 
From: "Chris Buechler" <cbuechler at gmail dot com>
To: "Anastasija Bosiha" <anastasija dot bosiha at gmail dot com>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Tuesday, May 24, 2005 5:48 AM
Subject: Re: [m0n0wall] default firewall rule

On 5/23/05, Anastasija Bosiha <anastasija dot bosiha at gmail dot com> wrote:
> Hello to All!
> I have been using m0n0wall for about 1 month, and I had the following problem. Our LAN
> ( has two gateways/routers:
> - one for Internet (
> - second (192.168.254) for tunneling to another office. Second office has
> LAN:
> I------------------I ---- (m0n0wall)
> I ( I                               I -------------I
> I------------------I ---- -----------I  I
>                                                    I -------------I
> All computers from network have as default router
> has static route for network to
> router.
> So the problems are the following:
> 1. Computers from network cannot access
> network resources. For example computer tries to connect to
> computer. When comp receives packet from
> comp, it sends reply through, and m0n0wall blocks this packet
> because of default firewall rule 19:
> @18 skip 1 in proto tcp from any to any flags S/FSRA
> @19 block in log quick proto tcp from any to any
> How can I modify the firewall default ruleset or make network a
> trusted network, so that packets from this network will never be blocked?

Looks like you're getting hit by the antispoofing rule because you're
missing a static route on m0n0wall to that network.  Add the static
route and it won't hit that rule anymore.
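
Added illustration, not part of the thread and not m0n0wall or ipfilter code: a simplified Python model of the quoted rules @18 and @19 with a state table, showing why a reply whose opening SYN took another path is blocked. The host addresses are constructed, and the assumption that a later pass rule with keep state accepts the SYN is not taken from the thread.

```python
# Simplified model of the two quoted rules plus a state table.
# Addresses below are constructed; the thread's real addresses are not used.
FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}
LAN_HOST = ("10.0.1.10", 1025)      # constructed
REMOTE_HOST = ("10.0.2.20", 445)    # constructed

def bits(letters):
    """Convert flag letters such as "SA" to a TCP flag bitmask."""
    value = 0
    for ch in letters:
        value |= FLAGS[ch]
    return value

def matches_flags(pkt_flags, spec):
    """ipf-style 'flags want/mask': true when (packet & mask) == want."""
    want, mask = spec.split("/")
    return (bits(pkt_flags) & bits(mask)) == bits(want)

class Firewall:
    def __init__(self):
        self.states = set()  # connections whose opening SYN this box saw

    def inbound(self, src, dst, flags):
        conn = frozenset((src, dst))
        if conn in self.states:
            return "pass (state)"
        # @18 skip 1 in proto tcp from any to any flags S/FSRA
        if matches_flags(flags, "S/FSRA"):
            # Assumption: a later "pass ... keep state" rule accepts the SYN.
            self.states.add(conn)
            return "pass (new state)"
        # @19 block in log quick proto tcp from any to any
        return "block @19"

def asymmetric_case():
    """Remote SYN reached the LAN host via the other router; the firewall
    only sees the SYN+ACK reply leaving through the default gateway."""
    return Firewall().inbound(LAN_HOST, REMOTE_HOST, "SA")

def symmetric_case():
    """LAN host opens the connection, so the firewall sees the SYN first."""
    fw = Firewall()
    return fw.inbound(LAN_HOST, REMOTE_HOST, "S"), fw.inbound(LAN_HOST, REMOTE_HOST, "PA")

if __name__ == "__main__":
    print("asymmetric:", asymmetric_case())
    print("symmetric: ", symmetric_case())
```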