page: Firewall: Rules
OPT1 tab (1 rule)
Source: 172.31.101.10 (IP of PocketPC)
Dest: 172.31.101.2 (IP of PC)
^ Permits access from the Pocket PC on OPT1 to a PC on LAN
***All other traffic is blocked***
LAN tab (2 rules, in order)
Source: not (!) 172.31.101.2 (IP of PC allowed to communicate w/PocketPC)
Dest: OPT1 net (172.31.101.8/29)
^ Blocks all but one host on LAN from accessing any hosts on OPT1
bottom rule (automatically created):
Source: LAN net
Desc: Default LAN -> any
^ Permits any traffic which makes it past top rule
Does that look right?
----- Original Message -----
From: "Lee Sharp" <leesharp at hal dash pc dot org>
To: "Garrett" <glc at c dash email dot com>
Sent: Friday, October 28, 2005 12:01 PM
Subject: Re: [m0n0wall] Firewall Rules
> From: "Garrett" <glc at c dash email dot com>
> >> The LAN has an "Out Any" rule default. You have to give the LAN an
> >> from the wireless IP. You will need an "In" and an "Out" on the OPT1
> >> for
> >> the LAN IP.
> > Afraid you lost me there. From the "Firewall: Rules: Edit" page:
> > "Choose on which interface packets must come **in** to match this rule."
> To go "out" of the LAN subnet, it comes "in" the LAN interface.
> > How do I add rules for traffic headed out the interface if there's only
> > option for traffic that comes in?
> Every door has two sides. :-) Under the OPT tab, you will have a rule
> of the OPT subnet, "in" to the firewall, with a destination "out" of the
> interface to the IP of the client box. I know the terminology gets
> confusing. It is hard for me to keep straight as well. I think you can
> this with just one rule under the OPT interface. I think...
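
The rule set listed at the top of this message, evaluated per interface on packets coming "in" as the quoted edit page describes. This is an added example, not part of the original thread. It assumes first-match evaluation with an implicit block at the end of each tab, and a LAN prefix of 172.31.101.0/29, which the post does not give.

```python
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
OPT1_NET = "172.31.101.8/29"   # from the post
LAN_NET = "172.31.101.0/29"    # assumption: LAN prefix is not stated in the post

# Each rule: (action, source, negate_source, destination), listed in tab order.
RULES = {
    "OPT1": [
        ("pass", "172.31.101.10/32", False, "172.31.101.2/32"),
    ],
    "LAN": [
        ("block", "172.31.101.2/32", True, OPT1_NET),  # source: not (!) the PC
        ("pass", LAN_NET, False, ANY),                 # Default LAN -> any
    ],
}


def evaluate(iface, src, dst):
    """Decide a NEW connection arriving on iface.

    Returns (action, rule_index); rule_index is None when no rule matched
    and the implicit block applies. Reply packets of an accepted connection
    are not modelled here (assumed to be handled by the state table).
    """
    s, d = ip_address(src), ip_address(dst)
    for index, (action, rsrc, negate, rdst) in enumerate(RULES[iface]):
        src_hit = (s in ip_network(rsrc)) != negate  # "!" inverts the source match
        if src_hit and d in ip_network(rdst):
            return action, index                     # first match wins (assumed)
    return "block", None


if __name__ == "__main__":
    # Constructed sample flows: (arrival interface, source, destination)
    flows = [
        ("OPT1", "172.31.101.10", "172.31.101.2"),  # PocketPC -> PC
        ("OPT1", "172.31.101.10", "172.31.101.3"),  # PocketPC -> other LAN host
        ("LAN", "172.31.101.2", "172.31.101.10"),   # PC -> PocketPC
        ("LAN", "172.31.101.3", "172.31.101.10"),   # other LAN host -> PocketPC
        ("LAN", "172.31.101.3", "192.0.2.1"),       # other LAN host -> elsewhere
    ]
    for iface, src, dst in flows:
        print(iface, src, "->", dst, evaluate(iface, src, dst))
```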