John Hakk wrote:
> I recently added a fourth NIC for an FTP server that I want LAN1 and LAN2 to have access to but am having problems configuring.
>
> interface set-up:
> WAN 192.168.3.100 gateway 192.168.3.1
> LAN1 192.168.1.1
> LAN2 192.168.2.1
> FTP server 192.168.4.1
>
> (no access between LAN1 and LAN2)
>
> If I bridge the FTP server interface with either LAN1 or LAN2 the bridged LAN can access the FTP Server but I would prefer to not have to change the bridge selection each time I want to access the Server from the other (non-bridged) LAN.
>
> I have tried numerous rules but have not hit upon the right configuration. I was thinking "static routes" but do not seem to get anywhere. "Block private networks" seems appropriate but toggling on/off does not seem to change things.
>
> I would assume a rule such as * - FTP Server - * -* -* on the FTP Server interface would allow access to/from any other interface on the unit. True?

Filters work on the way IN to the firewall. You need a rule on the LAN1 and LAN2 interfaces allowing access to the FTP server, and a rule on the FTP LAN allowing access to LAN1 and LAN2.

Lee
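The per-interface evaluation Lee describes, as an added example that is not part of the original thread: a small Python model in which a packet is checked only against the rules of the interface it arrives on. The /24 masks, the host addresses and the rule tuples are assumptions made for illustration, and the model ignores ports and connection state.

```python
import ipaddress

# Assumed /24 networks around the interface addresses given in the post.
NETS = {
    "LAN1": ipaddress.ip_network("192.168.1.0/24"),
    "LAN2": ipaddress.ip_network("192.168.2.0/24"),
    "FTP": ipaddress.ip_network("192.168.4.0/24"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")


def ingress_interface(src):
    """Interface a packet arrives on, derived from its source address."""
    ip = ipaddress.ip_address(src)
    for name, net in NETS.items():
        if ip in net:
            return name
    return "WAN"


def allowed(rules, src, dst):
    """Check only the ingress interface's rules; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst in rules.get(ingress_interface(src), []):
        if s in rule_src and d in rule_dst:
            return True
    return False


# Rule from the question: source "FTP Server", any destination, FTP interface only.
PROPOSED = {"FTP": [(NETS["FTP"], ANY)]}

# Rules as described in the reply: one per LAN towards FTP, and FTP towards each LAN.
SUGGESTED = {
    "LAN1": [(NETS["LAN1"], NETS["FTP"])],
    "LAN2": [(NETS["LAN2"], NETS["FTP"])],
    "FTP": [(NETS["FTP"], NETS["LAN1"]), (NETS["FTP"], NETS["LAN2"])],
}

# Constructed host addresses, not taken from the post.
CLIENT1, CLIENT2, SERVER = "192.168.1.50", "192.168.2.50", "192.168.4.10"

if __name__ == "__main__":
    for label, rules in (("proposed", PROPOSED), ("suggested", SUGGESTED)):
        print(label, "LAN1->FTP:", allowed(rules, CLIENT1, SERVER),
              "LAN1->LAN2:", allowed(rules, CLIENT1, CLIENT2))
```

With the single rule on the FTP interface, traffic that a LAN1 client initiates never reaches a matching rule because it is evaluated on LAN1; the per-interface rules admit it while LAN1 to LAN2 stays blocked.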