False alarm. Is seems that it does work. However, I had the cable
unplugged at some stage, and after plugging it in again (into OPT), I
had to restart m0n0wall for the interface to come up properly. Now
everything is fine.
On 13/12/06, Roland Giesler <roland at giesler dot za dot net> wrote:
> On 13/12/06, sai <sonicsai at gmail dot com> wrote:
> > You should have a LAN rule allowing you to access the OPT.
> > * LAN net * * *
> > will allow you to access everything from LAN.
> I have that (had it before I added OPT), but it doesn't allow me to
> "see" past 10.10.10.1 (OPT ip address) from the LAN.
> > * LAN net * OPT NET *
> > Will allow you to access the OPT from the LAN
> Is this rule not superfluous if you have the first rule above?
> There must be something else that is required, since it doesn't work.
> Roland Giesler
> Green Tree Systems cc
> Stellenbosch, South Africa
> +27 (0)72-450-2817
> > On 12/13/06, Roland Giesler <roland at giesler dot za dot net> wrote:
> > > When one has set up an optional interface (OPT) (either with an
> > > Captive Portal or without) I run into a problem. While there are many
> > > articles on the web that describe how to set up a DMZ and specifically
> > > how to prevent or allow the OPT client from accessing the LAN ip
> > > address, none can be found that explain how to do the opposite.
> > >
> > > I would like to / need to have access to the networks that connect via
> > > OPT to the firewall from the LAN. I have played with all sorts of
> > > rules, but none seem to be able to allow me to ping (for example) even
> > > the next hop on the OPT connection.
Green Tree Systems cc
Stellenbosch, South Africa
Order free-range lamb now at http://www.meat.za.net