 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Separate subnet optional interface
 Date:  Mon, 14 Aug 2006 19:46:29 +0100
Hi,

In message
<77d16f2a0608141137w186107far32839c8989b0aa2b at mail dot gmail dot com>, THEON
COMPUTER CORPORATION <computerservices at gmail dot com> writes
>Hello, I'm having an issue trying to add a different subnet to my optional
>OPT 1 interface on my monowall box.
>
>We have added an optional interface, we gave it an IP address of
>192.168.70.1 as opposed to our LAN interface of 192.168.60.1.
>
>Then I went to rules and I added the following rule under LAN
>
>Proto        Source        Port        Destination         Port        Description
>
>*           Subnet_70       *            LAN net              *
>
>Then I went to rules and I added the following rule under LAN
>
>Proto        Source        Port        Destination         Port        Description
>
>*           Subnet_70       *            *                        *
>
>Unfortunately, I'm not able to get to any resource to the
>192.168.70.0 network. The only way it seems to work is if I bridge the
>optional interface
>to the LAN. Is that a good configuration to have?

Those rules are correct but they need to be applied to the OPT1
interface.  Rules apply to the interface the packet enters.  Related
packets (replies, etc.) are automatically allowed.

HTH,


                                Neil.

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk
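
The behaviour described in the reply above, as an added example that is not part of the original message and is not m0n0wall code: a small default-deny, stateful filter model in which only the rule list of the interface a packet enters is consulted. The `Firewall` class, the `demo` function and the host addresses are constructed for illustration, and the model assumes no other rules exist on either interface.

```python
import ipaddress

# Constructed model of the thread's setup; not m0n0wall code.
SUBNET_70 = ipaddress.ip_network("192.168.70.0/24")   # OPT1 network
LAN_NET = ipaddress.ip_network("192.168.60.0/24")     # LAN network
ANY = ipaddress.ip_network("0.0.0.0/0")


class Firewall:
    """Default-deny, stateful filter whose rules are keyed by ingress interface."""

    def __init__(self, rules):
        self.rules = rules      # {"LAN": [(src_net, dst_net), ...], "OPT1": [...]}
        self.states = set()     # (src, dst) pairs of flows already passed

    def handle(self, in_iface, src, dst):
        """Decide one packet that arrived on in_iface."""
        if (dst, src) in self.states:
            return "pass: reply to tracked flow"
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Only the rule list of the interface the packet entered is consulted.
        for src_net, dst_net in self.rules.get(in_iface, []):
            if s in src_net and d in dst_net:
                self.states.add((src, dst))
                return f"pass: rule on {in_iface}"
        return f"block: no matching rule on {in_iface}"


def demo():
    rule_set = [(SUBNET_70, LAN_NET), (SUBNET_70, ANY)]    # the two rules from the post
    opt_host, lan_host = "192.168.70.10", "192.168.60.20"  # constructed hosts
    as_posted = Firewall({"LAN": rule_set})                # rules placed under LAN
    as_fixed = Firewall({"OPT1": rule_set})                # same rules under OPT1
    return [
        as_posted.handle("OPT1", opt_host, lan_host),  # enters OPT1, no rules there
        as_fixed.handle("OPT1", opt_host, lan_host),   # matches the first OPT1 rule
        as_fixed.handle("LAN", lan_host, opt_host),    # reply, passed by state
        # New flow from LAN: this model gives LAN no rules, so it is not covered.
        as_fixed.handle("LAN", lan_host, "192.168.70.99"),
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

A rule with source Subnet_70 placed under LAN can never match, because packets from that subnet do not enter the firewall on the LAN interface.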