On 7/14/05, Bryan Catlin <bryancatlin at connectgroup dot net> wrote:
> I have a 10.0.10.0/22 address space and we added a router and set it to
> handle the traffic for another location. This router is on 10.0.10.14 the
> traffic at the other end is 10.2.10.x/24. I added a static route to the
> main monowall (1.2b9 they all are) for the LAN adapter 10.2.10.0/24 with
> gateway 10.0.10.14. I then went into the advanced section and bypassed the
> static route filtering. I also added the 10.2.10.2 address (the remote
> monowall wan) to the captive portal IP pass thru on the main monowall.
> I can now talk to the remote site and they can to the main location but not
> get out of the main gateway to the internet. the firewall is logging that
> it is blocking them. So what have I done wrong?
Sounds like maybe enabling the static route filtering bypass also
bypasses the permit rule that gets added when you add a static route
to open up the antispoofing rules for that routed subnet. If you
uncheck that box does it work?