 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Anastasija Bosiha <anastasija dot bosiha at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] default firewall rule
 Date:  Mon, 23 May 2005 22:48:10 -0400
On 5/23/05, Anastasija Bosiha <anastasija dot bosiha at gmail dot com> wrote:
> Hello to All!
> I have been using m0n0wall for about 1 month, and I had the following problem. Our LAN
> ( have two gateways/routers:
> - one for Internet (
> - second (192.168.254) for tunneling to another office. Second office has
> LAN:
> I------------------I ---- (m0n0wall)
> I ( I                               I -------------I
> I------------------I ---- -----------I  I
>                                                    I -------------I
> All computers from network have as default router
> has static route for network to
> router.
> So the problems are the following:
> 1. Computers from network cannot access
> network resources. For example computer try to connect to
> computer. When comp receives packet from
> comp, it sends reply through, and m0n0wall blocks this packet
> because of default firewall rule 19:
> @18 skip 1 in proto tcp from any to any flags S/FSRA
> @19 block in log quick proto tcp from any to any
> How can I modify firewall default ruleset or make network as
> trusted network, so that packets from this network will never be blocked?

Looks like you're getting hit by the antispoofing rule because you're
missing a static route on m0n0wall to that network.  Add the static
route and it won't hit that rule anymore.
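
How the two ipfilter rules quoted in the message (@18 and @19) evaluate a TCP packet, as an added example that is not part of the original post or of m0n0wall's code. It models only those two rules and assumes the packet has no existing state entry; the sample packets and all function names are constructed for illustration.

```python
# Added illustration: evaluates only the two rules quoted in the message.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}

def bits(letters):
    """Convert a flag string such as 'SA' into a TCP flag bitmask."""
    value = 0
    for ch in letters:
        value |= FLAG_BITS[ch]
    return value

def flags_match(spec, pkt_flags):
    """ipfilter 'flags X/Y': mask the packet's flags with Y, compare with X."""
    want, mask = spec.split("/")
    return (bits(pkt_flags) & bits(mask)) == bits(want)

# The two rules from the message, reduced to the fields used here.
RULES = [
    {"num": 18, "action": "skip", "count": 1, "flags": "S/FSRA"},
    {"num": 19, "action": "block", "quick": True, "flags": None},
]

def evaluate(pkt_flags, rules=RULES):
    """Return (verdict, rule_number) for a TCP packet with no state entry.

    Assumption: a packet that falls past rule 19 is handed to the rest of
    the ruleset, which is not shown on the page, so it is reported as
    'continue' rather than pass or block.
    """
    i = 0
    while i < len(rules):
        rule = rules[i]
        i += 1
        if rule["flags"] and not flags_match(rule["flags"], pkt_flags):
            continue
        if rule["action"] == "skip":
            i += rule["count"]          # jump over the next N rules
        elif rule["action"] == "block" and rule.get("quick"):
            return ("block", rule["num"])
    return ("continue", None)

# Constructed sample packets: flag letters as ipfilter writes them.
SAMPLES = {"SYN": "S", "SYN-ACK": "SA", "ACK": "A", "FIN-ACK": "FA", "RST": "R"}

if __name__ == "__main__":
    for name, fl in SAMPLES.items():
        print(f"{name:8} -> {evaluate(fl)}")
```

Only a packet whose F, S, R and A bits reduce to SYN alone skips rule 19; any other stateless TCP packet, including a SYN-ACK reply, is blocked and logged there.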