 From:  Manuel Kasper <mk at neon1 dot net>
 To:  "Michal Cech" <cech at finalnet dot cz>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IP Alias on LAN (2 subnets) not working ?
 Date:  Fri, 2 Jan 2004 19:40:48 +0100

On 02.01.2004, at 18:58, Michal Cech wrote:

> I set LAN (rl0): 10.10.10.100/24
>
> I add IP alias on LAN interface
> ifconfig rl0 inet 10.10.20.100/24 alias
>
> ...
> PC 10.10.10.1  --->  10.10.10.100  OK
> PC 10.10.20.1  --->  10.10.20.100  TIMEOUT !!!!!
> ----------------------------------------------------
> ???????????????????????????????????????????????
> WHY NOT WORK ALIAS ON LAN  ???

BECAUSE M0N0WALL HAS NOT BEEN DESIGNED FOR IP ALIASES! </capslock>
Seriously, what makes you think you can just enter some BSD command and 
then expect it to work? m0n0wall is a firewall, remember?, and your 
problem is that the filter rule generator automatically adds 
anti-spoofing rules for each interface. It obviously doesn't know about 
the alias you added to the LAN interface with ifconfig, so your packets 
are being blocked by the anti-spoof rule for LAN. It works on WAN 
because there the anti-spoof rules only need to block packets that 
claim to be from LAN or one of the optional subnets.

Anybody making changes to m0n0wall through other means than the webGUI 
is definitely on his/her own and doesn't need to complain if it doesn't 
work as expected. Remember that sentence in red on exec.php? "Note: 
this function is unsupported. Use it on your own risk!"

- Manuel
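
The anti-spoof behaviour described in the reply above, modelled as an added example (not part of the original message and not m0n0wall's own rule generator). The interface name `rl1`, the WAN subnet and the exact form of the LAN rule (block any source outside the configured LAN subnet) are assumptions made for illustration.

```python
import ipaddress

# Constructed config: only what the webGUI knows. The 10.10.20.100/24 alias
# was added with ifconfig, so the rule generator never sees it.
GUI_CONFIG = {
    "lan": {"if": "rl0", "subnet": "10.10.10.0/24"},
    "wan": {"if": "rl1", "subnet": "192.0.2.0/24"},  # hypothetical WAN
}

def antispoof_rules(interfaces):
    """Build per-interface anti-spoof rules from the configured subnets only."""
    internal = {name: ipaddress.ip_network(i["subnet"])
                for name, i in interfaces.items() if name != "wan"}
    rules = {}
    for name, iface in interfaces.items():
        if name == "wan":
            # WAN: block sources that claim to be from LAN or an optional subnet.
            rules[iface["if"]] = ("block_from", list(internal.values()))
        else:
            # LAN/optional (assumed form): block sources outside the own subnet.
            rules[iface["if"]] = ("allow_only_from", [internal[name]])
    return rules

def verdict(rules, ifname, src):
    """Return 'pass' or 'block' for a packet with source src arriving on ifname."""
    mode, nets = rules[ifname]
    hit = any(ipaddress.ip_address(src) in net for net in nets)
    if mode == "allow_only_from":
        return "pass" if hit else "block"
    return "block" if hit else "pass"

if __name__ == "__main__":
    rules = antispoof_rules(GUI_CONFIG)
    for ifname, src in [("rl0", "10.10.10.1"),     # host in configured LAN subnet
                        ("rl0", "10.10.20.1"),     # host in the ifconfig alias subnet
                        ("rl1", "10.10.10.1"),     # LAN address showing up on WAN
                        ("rl1", "198.51.100.7")]:  # ordinary external source
        print(f"{ifname} src={src:<13} -> {verdict(rules, ifname, src)}")
```

The second case is the timeout from the original report: the interface answers on 10.10.20.100, but the generated ruleset was built before the alias existed and treats 10.10.20.1 on LAN as spoofed.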