At 19:40 2004-01-02 +0100, you wrote:
>On 02.01.2004, at 18:58, Michal Cech wrote:
>
>> I set LAN (rl0): 10.10.10.100/24
>>
>> I add IP alias on LAN interface
>> ifconfig rl0 inet 10.10.20.100/24 alias
>>
>> ...
>> PC 10.10.10.1 ---> 10.10.10.100 OK
>> PC 10.10.20.1 ---> 10.10.20.100 TIMEOUT !!!!!
>> ----------------------------------------------------
>> ???????????????????????????????????????????????
>> WHY NOT WORK ALIAS ON LAN ???
>
>BECAUSE M0N0WALL HAS NOT BEEN DESIGNED FOR IP ALIASES! </capslock>
>Seriously, what makes you think you can just enter some BSD command and
>then expect it to work? m0n0wall is a firewall, remember?, and your
>problem is that the filter rule generator automatically adds
>anti-spoofing rules for each interface. It obviously doesn't know about
>the alias you added to the LAN interface with ifconfig, so your packets
>are being blocked by the anti-spoof rule for LAN. It works on WAN
>because there the anti-spoof rules only need to block packets that
>claim to be from LAN or one of the optional subnets.
>
>Anybody making changes to m0n0wall through other means than the webGUI
>is definitely on his/her own and doesn't need to complain if it doesn't
>work as expected. Remember that sentence in red on exec.php? "Note:
>this function is unsupported. Use it on your own risk!"
>
>- Manuel
>

Well spoken!

I actually am designing a system allowing a private and a public address on LAN but the firewall had to be chopped into pieces to make it work. That's another story and requires a lot of hacking in the /etc/inc and is NOT RECOMMENDED if you don't know what you are doing. I worked with BSD for 1 1/2 years before I started on this and I still make regular visits to freebsd.org to find references and man is my best friend.

// Björn
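
The anti-spoof behaviour described in the quoted reply, as an added example that is not part of the original thread and is not m0n0wall's code: a simplified Python model of the anti-spoof step only, showing why a source in the alias subnet is dropped on LAN while WAN only rejects sources that claim to be internal. The function and variable names (`antispoof`, `GENERATED`, `ALIAS_AWARE`) and the WAN source `192.0.2.7` are assumptions made for the illustration.

```python
import ipaddress

WAN = "wan"

def antispoof(in_if, src, known):
    """Verdict of the anti-spoof step only, for a packet entering on in_if.

    known maps each internal interface to the subnets the rule generator
    was told about (the saved configuration, not live ifconfig state).
    """
    src = ipaddress.ip_address(src)
    if in_if == WAN:
        # WAN: block only sources claiming to be from an internal subnet.
        internal = [n for nets in known.values() for n in nets]
        return "block" if any(src in n for n in internal) else "pass"
    # Internal interface: source must lie in a subnet known for it.
    return "pass" if any(src in n for n in known[in_if]) else "block"

def net(cidr):
    return ipaddress.ip_network(cidr)

# Constructed sample: what the generator knows after the ifconfig alias
# was added behind its back (the alias subnet is absent).
GENERATED = {"lan": [net("10.10.10.0/24")]}
# Hypothetical: the same generator if it had been told about the alias.
ALIAS_AWARE = {"lan": [net("10.10.10.0/24"), net("10.10.20.0/24")]}

def demo():
    return {
        "lan 10.10.10.1": antispoof("lan", "10.10.10.1", GENERATED),
        "lan 10.10.20.1": antispoof("lan", "10.10.20.1", GENERATED),
        "lan 10.10.20.1 (alias known)": antispoof("lan", "10.10.20.1", ALIAS_AWARE),
        "wan 192.0.2.7": antispoof(WAN, "192.0.2.7", GENERATED),
        "wan 10.10.10.1": antispoof(WAN, "10.10.10.1", GENERATED),
    }

if __name__ == "__main__":
    for packet, verdict in demo().items():
        print(f"{packet:30} {verdict}")
```

The model covers only the anti-spoof decision; the rest of the filter ruleset still applies to packets that pass it.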