[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Disable default NAT and mappings
 Date:  Sat, 6 Aug 2005 14:51:52 -0400
On 8/6/05, Its Azfar <azfarhusain at yahoo dot com> wrote:
> 
> When I bridge OPT1 with WAN then with filter bridged
> traffic disabled OPT1 clients can acccess internet.
> But I want to enable firewall on it and as soon I
> enable filter bridged traffic internet stop working on
> OPT1 clients.
> 

version 1.11 I'm assuming?  Is your OPT subnet not within your WAN
subnet?  There is a bug in filtered bridging under those
circumstances, in that it uses antispoofing rules on the bridged
interface where it shouldn't.

Best solution is to upgrade to 1.2b9, as that bug was discovered and
fixed several 1.2 versions ago.  Or you can put in a static route on
your OPT interface for the public IP subnet on that interface,
pointing to any IP.  The route doesn't actually function as a route,
but routes open the antispoofing rules to allow the subnets contained
within them.  You don't want or need to disable the default rules.

-Chris