On 7/2/05, henry <henry at ttcomaha dot com> wrote:
> Hi I needed to add secondary IP address to my internal LAN, Which I was able to do with the
shellcmd in the config.xml. If I do a ifconfig from the exec.php I see all of the IP addresses and
I can ping those addresses from the default lan. The problem lies in vreating the rules. No matter
what I do everything is denied coming from the networks of the subinterfaces. IE. The primary
network is 192.168.1.1 and I have a rule 'LAN all prot. 192.168.1.0/24 to any allow' and that works
fine. Now if I add the rule for the secondary network 'LAN all 126.96.36.199/24 to any' the firewall
blocks everything coming from 188.8.131.52/24.
antispoofing rules dropping it. a static route on the LAN interface
will open up the antispoofing rules to allow that subnet on the LAN
interface (though the route itself is unnecessary). Probably will
also need advanced outbound NAT after that.