I'm embarrassed I can't make this work, it seems so simple. And I didn't
find the solution searching the list, and I assume I'm just missing
something so obvious...
I've got 1.22 set up on a 4801 (w/ 1621 lan) with the following interfaces:
WAN: (DHCP via cable modem)
The only device plugged into the 'WiFi' subnet is a Linksys wireless router,
and I've plugged directly into the switch and bypassed the LAN connector
(after I disabled DHCP and set its address to 192.168.1.150).
The problem is I want to be able to ssh into a box on the LAN from either
the 'WiFi' or 'DMZ' subnets. In addition, I need NetBIOS services available
to 'WiFi' users. So, I'm starting simply trying to ssh from 'WiFi' to a
'LAN' server and I can't connect.
My rules look like this:
Block TCP/UDP "LAN net" * "! WiFi net" 135
Block TCP/UDP "LAN net" * "! WiFi net" 137-139
Block TCP/UDP "LAN net" * "! WiFi net" 445
Allow * "LAN net" * * *
Block * "RFC 1918 networks" * * *
Block * * * * *
Allow TCP/UDP "WiFi net" * 192.168.1.250 22 (SSH)
Allow TCP/UDP "WiFi net" * 192.168.1.250 80 (HTTP)
Allow * "WiFi net" * * *
When I try to ssh into the LAN from WiFi, I see an entry in the firewall
state table for port 22, but the connection still fails.
So, any suggestions as to what I need to do? The box is pretty much stock,
no static routes, and is the only firewall/router on the network.
Thanks for any help,