On 7/14/05, Bryan Catlin <bryancatlin at connectgroup dot net> wrote:
> I have a 10.0.10.0/22 address space and we added a router and set it to
> handle the traffic for another location. This router is on 10.0.10.14; the
> traffic at the other end is 10.2.10.x/24. I added a static route to the
> main monowall (1.2b9 they all are) for the LAN adapter 10.2.10.0/24 with
> gateway 10.0.10.14. I then went into the advanced section and bypassed the
> static route filtering. I also added the 10.2.10.2 address (the remote
> monowall wan) to the captive portal IP pass thru on the main monowall.
>
> I can now talk to the remote site and they can to the main location but not
> get out of the main gateway to the internet. The firewall is logging that
> it is blocking them. So what have I done wrong?
>
Sounds like maybe enabling the static route filtering bypass also
bypasses the permit rule that gets added when you add a static route
to open up the antispoofing rules for that routed subnet. If you
uncheck that box does it work?
-Chris