You should have a LAN rule allowing you to access the OPT.

* 	LAN net 	* 	* 	*

will allow you to access everything from LAN.

* 	LAN net 	* 	OPT NET 	*

Will allow you to access the OPT from the LAN

sai

On 12/13/06, Roland Giesler <roland at giesler dot za dot net> wrote:
> When one has set up an optional interface (OPT) (either with an
> Captive Portal or without) I run into a problem.  While there are many
> articles on the web that describe how to set up a DMZ and specifically
> how to prevent or allow the OPT client from accessing the LAN ip
> address, none can be found that explain how to do the opposite.
>
> I would like to / need to have access to the networks that connect via
> OPT to the firewall from the LAN.  I have played with all sorts of
> rules, but none seem to be able to allow me to ping (for example) even
> the next hop on the OPT connection.
>
>    L
>    A
>    N
>    |
>    |
> [M0N0WALL]---[OPT]----[various wifi AP's]
>    |
>    |
>    W
>    A
>    N
>
> I have set up 10.10.10.1 as the address of the OPT interface and the
> connected wifi AP is 10.10.10.2
>
> Do I have to set up a static route to be able to access 10.10.10.2 or
> is there some other method that allows this?
>
> From the firewall I can ping 10.10.10.1 and 10.10.10.2. but not from the LAN.
>
> Help would be much appreciated.
>
> --
> Roland Giesler
> Green Tree Systems cc
> Stellenbosch, South Africa
> +27 (0)72-450-2817
> http://www.thegreentree.za.net
>
> Order free-range lamb now at http://www.meat.za.net
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>