I have just purchased a router for my Catalyst 5000 to handle intra-
VLAN routing instead of m0n0wall. I have m0n0 connected to my
internet connection, and a separate VLAN set up between the router
and the m0n0 box on a separate subnet. The router's default route is
set to the m0n0 box. On the router interface of m0n0, I have a rule
set to pass traffic from an internal subnet (192.168.1.x) to
anywhere. However, the traffic is being blocked by this rule:
@18 block in log quick on vlan1 from !10.10.10.0/30 to any
vlan1 is my private interface between m0n0 and the router, and
10.10.10.0/30 is the subnet I'm using between those 2 devices. It
looks like, by default, m0n0 blocks any traffic incoming on an
interface that does not originate from that interface's subnet.
However, this makes using an internal router behind the m0n0wall box
seem impossible. Is there some other way to accomplish this or should
I be doing something different?
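As an added illustration (not part of the post, and not m0n0wall's own code), the toy evaluator below reproduces pf's rule-ordering and "quick" semantics to show why a pass rule for 192.168.1.0/24 has no effect when it sits after rule @18 and only takes effect when it precedes it; the rule set, packet addresses and trailing default-deny rule are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    action: str            # "pass" or "block"
    iface: str             # interface name, or "any"
    src: str               # source CIDR; a leading "!" negates it, as in pf
    quick: bool = False    # "quick": stop evaluating once this rule matches

    def matches(self, iface: str, src_ip: str) -> bool:
        if self.iface not in ("any", iface):
            return False
        negated = self.src.startswith("!")
        net = ipaddress.ip_network(self.src.lstrip("!"))
        return (ipaddress.ip_address(src_ip) in net) != negated


def evaluate(rules, iface, src_ip):
    """pf semantics: the last matching rule wins, unless a matching rule is
    marked quick, in which case evaluation stops right there."""
    verdict = "pass"                 # pf's default when nothing matches
    for rule in rules:
        if rule.matches(iface, src_ip):
            verdict = rule.action
            if rule.quick:
                break
    return verdict


# Rule @18 from the post: anything arriving on vlan1 that is not sourced from
# the transit subnet 10.10.10.0/30 is dropped immediately (anti-spoofing).
ANTISPOOF = Rule("block", "vlan1", "!10.10.10.0/30", quick=True)
# Assumed trailing default deny, as a firewall would normally end its ruleset.
CATCHALL = Rule("block", "any", "0.0.0.0/0")
# Narrow allowance for exactly the prefix routed behind the internal router.
ALLOW_ROUTED_LAN = Rule("pass", "vlan1", "192.168.1.0/24", quick=True)


def verdicts():
    """Constructed packets: a host behind the internal router (192.168.1.5)
    and the router's own transit address (10.10.10.2), both seen on vlan1."""
    pass_after = [ANTISPOOF, Rule("pass", "vlan1", "192.168.1.0/24"), CATCHALL]
    pass_before = [ALLOW_ROUTED_LAN, ANTISPOOF, CATCHALL]
    return {
        "lan_host_pass_after_antispoof": evaluate(pass_after, "vlan1", "192.168.1.5"),
        "lan_host_pass_before_antispoof": evaluate(pass_before, "vlan1", "192.168.1.5"),
        "router_transit_addr": evaluate(pass_before, "vlan1", "10.10.10.2"),
    }
```

Note that the transit address 10.10.10.2 is still caught by the default deny in this toy set, so the router's own traffic needs its own pass rule as well; the anti-spoof rule is kept rather than removed, and only the one routed prefix is admitted on that interface.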