Thank you for your reply, Christoph.

If I'm interpreting your response correctly, basically you're saying that m0n0wall is not able to allow/block any IP or ports within the same IP/subnet range within the same interface? I.e. in my case, cannot create specific rules for use only in the 172.31.0.0/16 range on the LAN side?

If this is the case, then also what is the option to "Bypass firewall rules for traffic on the same interface" used for? Doesn't this define whether the rules should or should not be used if using single interfaces/NIC for LAN traffic? (Apologies if this is not the case, again just my interpretation of the setting.)

As for the Cisco router in place just for a VPN tunnel between our two sites, it does have ACLs set up to allow all IP traffic within 10.0.0.0/8 and 172.31.0.0/16, and does not have any additional rules to prevent port/IP traffic in the above range. Unfortunately, this was in place prior to m0n0wall and is controlled by our main office, hence why I haven't used m0n0wall as a replacement.

Do you have any suggestions with using m0n0wall to define IP/port blocking within a LAN network if the above is not possible? Or is m0n0wall unable to fulfill this function at present?

With Kind Regards,

John

Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK
Tel: +44 (0) 24 7630 5050
Fax: +44 (0) 24 7630 2437
Web: www.serck-controls.com
Admin: post at serck dash controls dot co dot uk
A subsidiary of Serck Controls Pty. Ltd. Reg. in England No. 4353634