[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Still having issues!
 Date:  Mon, 4 Jul 2005 14:25:42 -0400
On 7/2/05, henry <henry at ttcomaha dot com> wrote:
> Hi I needed to add secondary IP address to my internal LAN, Which I was able to do with the
shellcmd in the config.xml.  If I do a ifconfig from the exec.php I see all of the IP addresses and
I can ping those addresses from the default lan.  The problem lies in vreating the rules.  No matter
what I do everything is denied coming from the networks of the subinterfaces.  IE.  The primary
network is 192.168.1.1 and I have a rule 'LAN all prot. 192.168.1.0/24 to any allow' and that works
fine. Now if I add the rule for the secondary network 'LAN all 172.40.25.0/24 to any' the firewall
blocks everything coming from 172.40.25.0/24.
> 

antispoofing rules dropping it.  a static route on the LAN interface
will open up the antispoofing rules to allow that subnet on the LAN
interface (though the route itself is unnecessary).  Probably will
also need advanced outbound NAT after that.

-Chris