Johannes Blaas wrote:
> Hi all,
>
> I've just installed m0n0wall and am working on the rules... In my LAN I
> have the rule:
>
> * LAN net * * * Default LAN -> any
>
> With this rule all ports from all LAN workstations are open. Since I
> want the users to use only port 80, 21 and 443 I added rules that
> allow that, but if I disable the default LAN rule and enable the
> other rules they are still blocked. Any ideas why the new rules don't
> work?

How do you have the rules written? They should look like:

  Action: Pass
  Interface: LAN
  Protocol: any
  Source: LAN subnet
  Source port range from: any  to: any
  Destination: any
  Destination port range from: HTTP  to: HTTP
  Fragments: Allow fragmented packets
    (I don't know if you should set this or not - I don't)
  Log: Log packets that are handled by this rule
    (If you want it logged - check this)
  Description: Give it a description...

Your confusion may be source port. The client will set the source port
to a random number. The destination will be port 80 (for http).

_________________________________
James W. McKeand
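
The source-port versus destination-port point in the reply above, as an added example that is not part of the original thread: a minimal Python model of pass rules evaluated against outbound client packets. The `Packet` and `PassRule` names, the sample port numbers and the drop-when-nothing-matches behaviour are assumptions of this example, not m0n0wall code.

```python
# Added illustration, not from the thread. Rule fields mirror the form in the reply.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src_port: int  # chosen by the client, effectively random
    dst_port: int  # the service being contacted


@dataclass(frozen=True)
class PassRule:
    description: str
    src_port: Optional[int] = None  # None = "any"
    dst_port: Optional[int] = None  # None = "any"

    def matches(self, pkt: Packet) -> bool:
        return (self.src_port in (None, pkt.src_port)
                and self.dst_port in (None, pkt.dst_port))


def blocked(rules: List[PassRule], packets: List[Packet]) -> List[Packet]:
    """Packets matched by no pass rule (assumption: unmatched traffic is dropped)."""
    return [p for p in packets if not any(r.matches(p) for r in rules)]


# Constructed sample traffic from LAN clients: ephemeral source ports.
HTTP = Packet(src_port=49712, dst_port=80)
FTP = Packet(src_port=50211, dst_port=21)
HTTPS = Packet(src_port=51034, dst_port=443)
SSH = Packet(src_port=50500, dst_port=22)
TRAFFIC = [HTTP, FTP, HTTPS, SSH]

# Service port entered in the source port field: never matches a client.
BY_SOURCE = [PassRule(f"src {p}", src_port=p) for p in (80, 21, 443)]
# Source port "any", service port in the destination field, as in the reply.
BY_DEST = [PassRule(f"dst {p}", dst_port=p) for p in (80, 21, 443)]

if __name__ == "__main__":
    print("source-port rules block:", blocked(BY_SOURCE, TRAFFIC))
    print("destination-port rules block:", blocked(BY_DEST, TRAFFIC))
```

With the service port in the source field every sample packet is dropped, which matches the symptom in the question; with it in the destination field only the SSH packet is dropped.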