Hi Sascha!

On Wednesday, 29.06.2005, 11:32 +0200, Peter Allgeyer wrote:

> The fact that the external interface is sis0 (and not ng0), as
> googl3meister stated, is interesting. Maybe there has to be an
> additional rule for sis0:
>
> pass out quick on sis0 from any to any keep state
>
> I can try this out, if you want.

OK, I have tried it. googl3meister was right. Besides adding an IP address to your sis0 interface, you'll have to type these two rulesets in http(s)://<m0n0-ip>/exec.php:

echo "@7 pass out quick on sis0 from any to any keep state" | ipf -f -
echo "map sis0 192.168.200.0/24 -> 0.0.0.0/32" | ipnat -f -

Since there isn't any NAT configured for interface sis0, you don't have to change any NAT settings for the WAN interface (as described in http://wiki.m0n0.ch/wikka.php?wakka=AccessingModemOutsideFirewall). Besides this, adding a rule for the sis0 interface is mandatory!

If everything works fine, add these lines to the config file:

<shellcmd>ifconfig sis0 inet 192.168.178.2 alias</shellcmd>
<shellcmd>echo "@7 pass out quick on sis0 from any to any keep state" | ipf -f -</shellcmd>
<shellcmd>echo "map sis0 192.168.200.0/24 -> 0.0.0.0/32" | ipnat -f -</shellcmd>

One problem will arise: <shellcmd>...</shellcmd> will only be executed at system start, not when you change any settings of your firewall rules (adding, deleting, changing rulesets). So you'll have to type the ruleset lines every time after you've changed your ruleset. If we had the possibility to define alias interfaces (in this special case, a normal interface configuration for sis0 would be enough), this problem would go away. Maybe a nice feature for post-1.2.

Ciao ... ... PIT ...

---------------------------------------------------------------------------
copyleft(c) by   |         There are no threads in a.b.p.erotica, so
Peter Allgeyer   |   _-_   there's no gain in using a threaded news
                 | 0(o_o)0 reader. (Unknown source)
---------------oOO--(_)--OOo-----------------------------------------------
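The post's remaining pain point is that the two loader lines have to be retyped after every ruleset change, because m0n0wall only runs <shellcmd> at boot. The script below is an added example, not code from the post or from the m0n0wall project: it builds the same ipf and ipnat lines for the interface, rule number and LAN subnet used above, and checks them against the output of `ipfstat -io` and `ipnat -l` so that re-applying is idempotent (it only emits the loader commands that are actually missing). The listings embedded in it are constructed sample output, not captured from a real box, and the function names are this example's own. Two caveats for anyone reusing it: the pass rule is kept exactly as posted, which means it permits all outbound traffic on sis0 (narrowing `to any` to the modem's address is tighter), and a live `ipfstat` listing may spell a rule slightly differently from how it was loaded, in which case the comparison string needs adjusting.

```shell
#!/bin/sh
# Added example (not from the original post or from m0n0wall): emit the ipf
# and ipnat lines the post loads for the sis0 alias, and report which of them
# are still missing from the running firewall so a re-apply after a ruleset
# change is idempotent. No command is executed here; the output is the list of
# loader commands you would paste into exec.php (or pipe to sh on the box).

IFACE="sis0"                 # interface name from the post
LAN_NET="192.168.200.0/24"   # LAN subnet from the post
RULE_NUM="7"                 # ipf rule number (@7) from the post

# The pass rule exactly as posted. Note that "from any to any" is wide open.
ipf_rule() {
    printf 'pass out quick on %s from any to any keep state\n' "$IFACE"
}

# The ipnat map rule: 0.0.0.0/32 tells ipnat to use the address currently
# configured on the interface, so the alias address set by ifconfig is used.
ipnat_rule() {
    printf 'map %s %s -> 0.0.0.0/32\n' "$IFACE" "$LAN_NET"
}

# Constructed sample listings, standing in for `ipfstat -io` / `ipnat -l`.
SAMPLE_IPF_EMPTY="pass in quick on ng0 from any to any keep state"
SAMPLE_IPF_LOADED="pass in quick on ng0 from any to any keep state
pass out quick on sis0 from any to any keep state"
SAMPLE_NAT_LOADED="List of active MAP/Redirect filters:
map sis0 192.168.200.0/24 -> 0.0.0.0/32"

# rule_loaded LISTING RULE: succeed if RULE appears as a whole line in LISTING.
# Fixed-string, whole-line match so "pass out ..." does not match a prefix of
# some other rule. A real ipfstat listing may print the rule in canonical
# form; adjust RULE if your box spells it differently.
rule_loaded() {
    printf '%s\n' "$1" | grep -Fqx -- "$2"
}

# pending_commands IPF_LISTING NAT_LISTING: print the loader commands for every
# rule not yet present. Returns 0 when nothing is missing, 1 otherwise.
pending_commands() {
    missing=0
    if ! rule_loaded "$1" "$(ipf_rule)"; then
        printf 'echo "@%s %s" | ipf -f -\n' "$RULE_NUM" "$(ipf_rule)"
        missing=1
    fi
    if ! rule_loaded "$2" "$(ipnat_rule)"; then
        printf 'echo "%s" | ipnat -f -\n' "$(ipnat_rule)"
        missing=1
    fi
    return $missing
}

# Stand-alone demonstration against the constructed listings. On a real
# m0n0wall you would call it as:
#   pending_commands "$(ipfstat -io)" "$(ipnat -l)"
echo "== fresh ruleset (both rules missing) =="
pending_commands "$SAMPLE_IPF_EMPTY" "" || true
echo "== rules already loaded (nothing to do) =="
pending_commands "$SAMPLE_IPF_LOADED" "$SAMPLE_NAT_LOADED" && echo "(nothing pending)"
```

Because the function only prints commands, it is safe to run it after every change in the web GUI and look at what it proposes before loading anything; once you trust it, `pending_commands "$(ipfstat -io)" "$(ipnat -l)" | sh` re-applies exactly the rules that were dropped by the reload and nothing else.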