Hello! I have just purchased a router for my Catalyst 5000 to handle intra-VLAN routing instead of m0n0wall. I have m0n0 connected to my internet connection, and a separate VLAN set up between the router and the m0n0 box on a separate subnet. The router's default route is set to the m0n0 box. On the router interface of m0n0, I have a rule set to pass traffic from an internal subnet (192.168.1.x) to anywhere. However, the traffic is being blocked by this rule:

    @18 block in log quick on vlan1 from !10.10.10.0/30 to any

vlan1 is my private interface between m0n0 and the router, and 10.10.10.0/30 is the subnet I'm using between those 2 devices. It looks like, by default, m0n0 blocks any traffic incoming on an interface that does not originate from that interface's subnet. However, this makes using an internal router behind the m0n0wall box seem impossible. Is there some other way to accomplish this or should I be doing something different?

Thanks!

--Zach