To clarify....

page: Firewall: Rules

OPT1 tab (1 rule)
Action: Pass
Proto: any
Source: 172.31.101.10 (IP of PocketPC)
Port: any
Dest: 172.31.101.2 (IP of PC)
Port: any
^ Permits access from the Pocket PC on OPT1 to a PC on LAN
***All other traffic is blocked***

LAN tab (2 rules, in order)
Action: Block
Proto: any
Source: not (!) 172.31.101.2 (IP of PC allowed to communicate w/PocketPC)
Port: any
Dest: OPT1 net (172.31.101.8/29)
Port: any
^ Blocks all but one host on LAN from accessing any hosts on OPT1

bottom rule (automatically created):
Proto: any
Source: LAN net
Port: any
Dest: any
Port: any
Desc: Default LAN -> any
^ Permits any traffic which makes it past top rule

Does that look right?

----- Original Message -----
From: "Lee Sharp" <leesharp at hal dash pc dot org>
To: "Garrett" <glc at c dash email dot com>
Sent: Friday, October 28, 2005 12:01 PM
Subject: Re: [m0n0wall] Firewall Rules

> From: "Garrett" <glc at c dash email dot com>
>
> >> The LAN has an "Out Any" rule default. You have to give the LAN an "In"
> >> from the wireless IP. You will need an "In" and an "Out" on the OPT1 for
> >> the LAN IP.
>
> > Afraid you lost me there. From the "Firewall: Rules: Edit" page:
> > "Choose on which interface packets must come **in** to match this rule."
> > To go "out" of the LAN subnet, it comes "in" the LAN interface.
>
> > How do I add rules for traffic headed out the interface if there's only an
> > option for traffic that comes in?
>
> Every door has two sides. :-) Under the OPT tab, you will have a rule "out"
> of the OPT subnet, "in" to the firewall, with a destination "out" of the LAN
> interface to the IP of the client box. I know the terminology gets
> confusing. It is hard for me to keep straight as well. I think you can do
> this with just one rule under the OPT interface. I think...
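The rule set above is easy to trace by hand once you remember that m0n0wall matches rules on the interface a packet arrives on, top-down, first match wins. The following script is an added illustration, not code from the post or from the m0n0wall project: it replays the three rules exactly as listed (the OPT1 pass rule, the negated-source block on LAN, and the automatic "Default LAN -> any") against a handful of constructed flows. It assumes first-match evaluation, an implicit deny on any interface where nothing matches (which is why the OPT1 tab's single rule blocks everything else), and a LAN subnet of 172.31.101.0/29, which the post does not state. Only the initiating direction is modelled; replies ride on the state entry the first packet creates.

```python
"""First-match simulation of the OPT1/LAN rule set from the post.

Added example, not from the mailing-list thread or the m0n0wall project.
Assumptions: rules are evaluated top-down on the incoming interface, the
first match wins, an interface with no matching rule drops the packet, and
the LAN subnet is 172.31.101.0/29 (not given in the post).  Only the
initiating packet is checked; return traffic is assumed to ride on state.
"""
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    src: ipaddress.IPv4Network       # source host or network
    dst: ipaddress.IPv4Network       # destination host or network
    desc: str
    src_negated: bool = False        # the "not (!)" box on the source field

    def matches(self, src_ip: ipaddress.IPv4Address,
                dst_ip: ipaddress.IPv4Address) -> bool:
        src_hit = src_ip in self.src
        if self.src_negated:         # "not 172.31.101.2" = every other source
            src_hit = not src_hit
        return src_hit and dst_ip in self.dst


# Addresses from the post, plus one assumed LAN subnet.
LAN_NET = ipaddress.ip_network("172.31.101.0/29")    # assumed, not in post
OPT1_NET = ipaddress.ip_network("172.31.101.8/29")   # "OPT1 net" in the post
POCKETPC = ipaddress.ip_network("172.31.101.10/32")
PC = ipaddress.ip_network("172.31.101.2/32")

# Rules keyed by the interface the packet comes IN on, in tab order.
RULES = {
    "OPT1": [
        Rule("pass", POCKETPC, PC, "PocketPC -> PC"),
    ],
    "LAN": [
        Rule("block", PC, OPT1_NET, "all LAN hosts except the PC -> OPT1 net",
             src_negated=True),
        Rule("pass", LAN_NET, ANY, "Default LAN -> any"),
    ],
}


def evaluate(iface: str, src: str, dst: str) -> tuple:
    """Return (action, rule description) for a packet entering `iface`."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule in RULES[iface]:
        if rule.matches(src_ip, dst_ip):
            return rule.action, rule.desc
    return "block", "implicit deny (no rule matched)"


# Constructed flows covering each branch of the rule set.
FLOWS = [
    ("OPT1", "172.31.101.10", "172.31.101.2"),    # PocketPC -> allowed PC
    ("OPT1", "172.31.101.10", "172.31.101.3"),    # PocketPC -> other LAN host
    ("OPT1", "172.31.101.10", "198.51.100.7"),    # PocketPC -> Internet
    ("LAN", "172.31.101.2", "172.31.101.10"),     # PC -> PocketPC
    ("LAN", "172.31.101.3", "172.31.101.10"),     # other LAN host -> PocketPC
    ("LAN", "172.31.101.3", "198.51.100.7"),      # other LAN host -> Internet
]


def run_all() -> list:
    """Evaluate every constructed flow; returns a list of result tuples."""
    return [(iface, src, dst, *evaluate(iface, src, dst))
            for iface, src, dst in FLOWS]


if __name__ == "__main__":
    for iface, src, dst, action, desc in run_all():
        print(f"{iface:4} {src:>15} -> {dst:<15} {action:5}  ({desc})")
```

Running it prints one line per flow; the point to notice is that the PocketPC reaches only the one PC and nothing else (including the Internet), while the LAN side still lets every host out to the world and only the PC across to OPT1. If the PocketPC should also browse the Internet, that needs a second OPT1 rule, since the implicit deny on OPT1 covers everything the single pass rule does not.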