 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] LAN rule problem (LAN -> WAN)
 Date:  Mon, 31 Oct 2005 10:41:02 -0600
padexx wrote:
> Hello everyone!
> straight forward to my problem.
> Actually an easy setup:
> I have several PCs in my LAN (all static IPs) and I want only a few
> to be able to access the internet (WAN).
> For testing only one PC should be able to do that.
> I have created the following rules in my LAN rule-set:
> ALLOW	*	LAN address	*	->	LAN address	*

This rule is not needed.

> ALLOW	*	PC1 		* 	->	WAN address	*

This rule is stating that PC1 can only access the WAN address (i.e. the
address assigned to the WAN interface).

> ALLOW	*	PC1 		* 	->	*	*

This rule is stating that PC1 can access any address.
The Deny rule will not block the access to the m0n0wall WebGUI - there
is a hidden "anti-lockout" rule that can be disabled under Advanced.

If you have static addressed PCs, just don't assign a gateway address
(or assign loopback address - on the PCs that should not
access the internet...

James W. McKeand
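
The difference between the "WAN address" and "*" destinations discussed in this message, as an added example that is not part of the original post or of m0n0wall itself. It models a rule set as first-match with a default deny; all IP addresses, the PC2 host and the helper names are constructed assumptions, and the hidden anti-lockout rule is not modelled.

```python
import ipaddress

# Constructed sample addressing (assumptions, not taken from the thread).
ALIASES = {
    "*": "0.0.0.0/0",                  # any address
    "LAN address": "192.168.1.1/32",   # IP of the firewall's LAN interface
    "WAN address": "203.0.113.10/32",  # IP of the firewall's WAN interface
    "PC1": "192.168.1.11/32",
}
PC1, PC2 = "192.168.1.11", "192.168.1.12"
INTERNET_HOST = "198.51.100.7"         # some host beyond the WAN interface


def matches(alias, ip):
    """True if ip falls inside the network the rule alias stands for."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(ALIASES[alias])


def evaluate(rules, src, dst):
    """Return the action of the first matching rule, else the default deny."""
    for action, rule_src, rule_dst in rules:
        if matches(rule_src, src) and matches(rule_dst, dst):
            return action
    return "DENY"


# Destination "WAN address": matches only the firewall's own WAN IP.
WAN_ONLY = [
    ("ALLOW", "LAN address", "LAN address"),
    ("ALLOW", "PC1", "WAN address"),
]
# Destination "*": matches any address, so PC1 reaches the internet.
ANY_DEST = [("ALLOW", "PC1", "*")]


def report():
    """Evaluate the same flows against both rule sets."""
    flows = {"PC1->internet": (PC1, INTERNET_HOST),
             "PC1->WAN IP": (PC1, "203.0.113.10"),
             "PC2->internet": (PC2, INTERNET_HOST)}
    return {name: (evaluate(WAN_ONLY, s, d), evaluate(ANY_DEST, s, d))
            for name, (s, d) in flows.items()}


if __name__ == "__main__":
    for flow, (wan_only, any_dest) in report().items():
        print(f"{flow:15} WAN-address rule: {wan_only:5}  any-dest rule: {any_dest}")
```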