 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  <m0n0wall at lists dot m0n0 dot ch>, "Mike Dent" <mcdent at gmail dot com>
 Subject:  AW: [m0n0wall] WAN to OPT1 bridging on Soekris 4801 and filtering?
 Date:  Tue, 29 Nov 2005 15:55:34 +0100
1. Check that "enable filtering bridge" is checked at advanced settings
2. Create a rule at WAN: Pass any protocol, source any, destination not LAN-subnet (this will allow
all traffic everywhere but not to LAN-subnet)
3. Create a rule at OPT1: Pass any protocol, source any, destination any (or not LAN-subnet if you
want to block access to LAN from OPT1)

Also keep in mind that the order of rules is important (first match wins). If you have other rules check
that they result in what you want and reorder them if needed. You might want to do 2 rules for each
of the above rules: (Block source any, destination LAN; Pass source any destination any) to make it
more readable or work better together with other rules you need.

Holger


> From: Mike Dent [mailto:mcdent at gmail dot com]
> Sent: Tuesday, 29 November 2005 15:29
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] WAN to OPT1 bridging on Soekris 4801 and filtering?
> 
> 
> Hi,
> I'm slowly moving over my systems to m0n0wall 1.2. Very impressed so
> far, thanks.
> I'm using a soekris net4801.
> 
> I've put a small switch on my OPT1 interface. This is where I am
> putting my servers.
> I don't want to have any firewall rules affecting these servers but I do want
> traffic shaping to work on here too. (I've got an Asterisk box in here
> with a NIC on the LAN too)
> 
> I've moved a couple servers in to this OPT1 and they are not working
> as I would expect. I seem to be getting intermittent access to them
> from the LAN, and no access from WAN side?
> 
> Am I missing something obvious?
> 
> Which firewall rules would I need to relax etc to affect servers in
> the OPT1 bridged network? Is it WAN or OPT1 or both?
> 
> Thanks.
> 

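Added example, not part of the original message and not m0n0wall code: a small Python model of first-match rule evaluation. It compares the single "destination not LAN-subnet" pass rule with the two-rule block/pass form from the reply, and shows what the same two rules do in the wrong order. The LAN subnet 192.168.1.0/24, the sample addresses, and the default block for unmatched traffic are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # assumed LAN subnet (constructed)
ANY = ip_network("0.0.0.0/0")

# A rule is (action, destination network, negate-destination flag).
SINGLE = [("pass", LAN, True)]                         # pass, destination NOT LAN
SPLIT = [("block", LAN, False), ("pass", ANY, False)]  # block LAN first, then pass any
SWAPPED = list(reversed(SPLIT))                        # same two rules, wrong order


def decide(rules, dst, default="block"):
    """Return the action of the first rule whose destination test matches dst."""
    addr = ip_address(dst)
    for action, net, negate in rules:
        if (addr in net) != negate:
            return action
    return default  # assumption: traffic matching no rule is dropped


def exposed(rules, destinations):
    """List the LAN destinations a rule set would let through."""
    return [d for d in destinations
            if ip_address(d) in LAN and decide(rules, d) == "pass"]


# Constructed destinations: two non-LAN hosts and two LAN hosts.
SAMPLES = ["203.0.113.10", "198.51.100.7", "192.168.1.20", "192.168.1.254"]

if __name__ == "__main__":
    for name, rules in (("single", SINGLE), ("split", SPLIT), ("swapped", SWAPPED)):
        verdicts = {d: decide(rules, d) for d in SAMPLES}
        print(name, verdicts, "LAN exposed:", exposed(rules, SAMPLES))
```

Running a planned rule order through a check like this before reordering rules in the GUI makes an accidental "pass any" above a block rule visible as a non-empty exposed list.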