 
 From:  "Brad Burleson" <bradb667 at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Accessing LAN from other subnets
 Date:  Tue, 4 Apr 2006 22:46:59 -0700
All-

I'm embarrassed I can't make this work, it seems so simple.  And I didn't
find the solution searching the list, and I assume I'm just missing
something so obvious...

I've got 1.22 setup on a 4801 (w/ 1621 lan) with the following interfaces:

WAN:  (DHCP via cable modem)
LAN:    (192.168.1.x/24)
WiFi:    (192.168.2.x/24)
DMZ:    (192.168.3.x/24)

The only device plugged into the 'WiFi' subnet is a Linksys wireless router,
and I've plugged directly into the switch and bypassed the LAN connector
(after I disabled DHCP and set its address to 192.168.1.150).

The problem is I want to be able to ssh into a box on the LAN from either
the 'WiFi' or 'DMZ' subnets.  In addition, I need NetBIOS services available
to 'WiFi' users.  So, I'm starting simply trying to ssh from 'WiFi' to a
'LAN' server and I can't connect.

My rules look like this:

LAN
===

Block TCP/UDP "LAN net" * "! WiFi net" 135
Block TCP/UDP "LAN net" * "! WiFi net" 137-139
Block TCP/UDP "LAN net" * "! WiFi net" 445
Allow  *  "LAN net" * * *

WAN
====

Block * "RFC 1918 networks" * * *
Block * * * * *

WiFi
====

Allow TCP/UDP "WiFi net" * 192.168.1.250 22 (SSH)
Allow TCP/UDP "WiFi net" * 192.168.1.250 80 (HTTP)
Allow * "WiFi net" * * *

When I try to ssh into the LAN from WiFi, I see an entry in the firewall
state table for port 22, but the connection still fails.

So, any suggestions as to what I need to do?  The box is pretty much stock,
no static routes, and is the only firewall/router on the network.

Thanks for any help,

Brad.
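As an added illustration (not part of Brad's post and not m0n0wall's own code), a small first-match evaluator over the rule set posted above. It assumes m0n0wall's per-interface, first-match, default-deny semantics for new connections (return traffic of an established state is not re-evaluated) and shows which rule an SSH attempt from WiFi or DMZ to 192.168.1.250 actually hits; the DMZ host address is a constructed sample.

```python
import ipaddress

# Subnets as given in the post
NETS = {
    "LAN net": ipaddress.ip_network("192.168.1.0/24"),
    "WiFi net": ipaddress.ip_network("192.168.2.0/24"),
    "DMZ net": ipaddress.ip_network("192.168.3.0/24"),
}

# (action, protocols, source, destination, destination ports)
# "*" = any; a leading "!" negates a network, as in the m0n0wall GUI.
RULES = {
    "LAN": [
        ("block", {"tcp", "udp"}, "LAN net", "!WiFi net", {135}),
        ("block", {"tcp", "udp"}, "LAN net", "!WiFi net", set(range(137, 140))),
        ("block", {"tcp", "udp"}, "LAN net", "!WiFi net", {445}),
        ("pass", "*", "LAN net", "*", "*"),
    ],
    "WiFi": [
        ("pass", {"tcp", "udp"}, "WiFi net", "192.168.1.250", {22}),
        ("pass", {"tcp", "udp"}, "WiFi net", "192.168.1.250", {80}),
        ("pass", "*", "WiFi net", "*", "*"),
    ],
    "DMZ": [],  # no DMZ rules were posted
}


def _addr_matches(spec, ip):
    """Match an address against "*", a named net, a literal host, or a negated net."""
    if spec == "*":
        return True
    negated = spec.startswith("!")
    name = spec.lstrip("!")
    net = NETS.get(name) or ipaddress.ip_network(name)  # literal host -> /32
    hit = ip in net
    return not hit if negated else hit


def evaluate(iface, proto, src, dst, dport):
    """Return (action, rule_index) for a NEW connection entering on iface.

    Rules are tried top to bottom on the interface the packet arrives on;
    the first match wins. If nothing matches, assume the implicit block.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, protos, s, d, ports) in enumerate(RULES[iface]):
        if protos != "*" and proto not in protos:
            continue
        if not _addr_matches(s, src) or not _addr_matches(d, dst):
            continue
        if ports != "*" and dport not in ports:
            continue
        return action, i
    return "block", None
```

Running `evaluate("WiFi", "tcp", "192.168.2.20", "192.168.1.250", 22)` hits the first WiFi rule, which is consistent with the state-table entry Brad sees; the same attempt from a DMZ address matches nothing, so it is blocked.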