 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Cvetomir Conev <cvetomirconev at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] WebGUI, DNS blocking on selected interfaces
 Date:  Sat, 25 Jun 2005 15:36:24 -0400
On 6/25/05, Cvetomir Conev <cvetomirconev at gmail dot com> wrote:
> 
> No, there are no rules attached to the Optional interface. The fact
> that PPTP worked without them was the reason for me to do further
> investigation in the first place.
> 

PPTP rules (TCP 1723 and GRE) are automatically added and allowed on
all interfaces.  If you're talking about access to/from PPTP clients,
you need to add firewall rules on the PPTP interface.


> 
> dc0 is the optional interface and 10.0.0.0/8 catches the networks
> included in the city LAN. I've set a static route to them and that
> probably added those rules.
> 
> I removed the static route and the firewall entries were indeed
> removed too. I guess I'm in trouble.
> 
> I'm confused, is that a bug or a feature?
> 

What's the IP and subnet on the OPT interface?  

Those rules are added for a reason, but the reason escapes me at the
moment.  (the answer to the above might refresh my memory)  The
behavior was changed in newer versions (assuming you're using 1.11)
because incorrect or unnecessary static routes would mess up
filtering.

-Chris