Hi all,

I finally found some time and impulse to work on m0n0wall again. Two
features that have been on the wishlist for quite some time have finally
been implemented; here's the full changelog:

- static routes are now supported! This means you can have secondary
networks on LAN or any optional interface
(the filter rule generator has also been modified to generate the proper
anti-spoofing rules for each interface when static routes are setup)

This feature also called for another feature to be actually useful:

- outbound NAT is now configurable. You can turn on "advanced outbound
NAT"; this will cause the NAT rule generator not to generate any outbound
NAT rules automatically anymore (by default one rule per interface (except
WAN, of course) is generated). You can then specify all the subnets you
want to NAT, or if you turn advanced outbound NAT on and don't specify any
rules, then outbound NAT (or NAT in general if no inbound/1:1 rules are
specified either) is disabled completely. Note that NAT is still only done
on packets going through the WAN interface; maybe this will be extended to
all interfaces later.

- syscons and atkbdc support have been removed from the net45xx kernel as
they are not needed at all

- the "Read error" problem with some CF cards on Soekris net45xx should
finally be fixed for good (somebody with a known-bad card please confirm
this?)

Here's a short guide on what to do if you want to allow a secondary
network on the LAN interface to access the Internet:

- add a static route on LAN with the proper destination/gateway

- turn on advanced outbound NAT, make sure to add outbound NAT rules for
your LAN and all your optional interfaces (if any)

- add an outbound NAT rule for your secondary network

- add a filter rule to permit traffic on LAN with source <your secondary
network> and destination any

That's all folks.

Enjoy,

Manuel