 From:  Lonnie Abelbeck <lists at lonnie dot abelbeck dot com>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Bypass firewall rules for traffic on the same interface
 Date:  Sat, 10 Mar 2007 18:57:27 -0600
Greetings,

I have a working configuration, but a question is bugging me.

The question centers around having multiple subnets on a single  
interface.

LAN: 10.10.10.1/24
OpenVPN Server LAN IP: 10.10.10.250
OpenVPN Server virtual subnet: 10.11.10.0/24
LAN Static Route: (NET) 10.11.10.0/24 (GW) 10.10.10.250

With the Advanced option "Bypass firewall rules for traffic on the
same interface" checked, everything works as expected.

But, if I uncheck "Bypass firewall rules...", and start a UDP or TCP
session from the 10.11.10.0 net to the 10.10.10.0 net, the forward
path works, but the return path is blocked in m0n0wall. Even with
LAN Firewall Rules:
"Pass" any LAN-subnet to any/any
"Pass" any OpenVPN-subnet to any/any

The return (destination 10.11.10.XX) is always blocked in m0n0wall  
(per firewall logging).

I am quite satisfied keeping "Bypass firewall rules..." checked, but  
I want to understand why m0n0wall is dropping LAN subnet1 to LAN  
subnet2 traffic in the firewall.

Thanks,

Lonnie
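The topology in the post is a textbook case of asymmetric routing meeting a stateful filter: the forward packet from the OpenVPN client goes from the OpenVPN server host (10.10.10.250) straight to the LAN host on the same segment and never crosses m0n0wall, while the LAN host sends its reply to its default gateway (10.10.10.1), which has to route it back out the same LAN interface. The filter then sees only the second half of the flow. The following model, added here as an illustration and not code from the original post or from m0n0wall (whose filter is ipfilter, which this does not reproduce), shows why the return TCP packet is dropped without a matching state entry and why the "same interface" bypass lets it through. The client and server addresses (10.11.10.20, 10.10.10.50), ports, the "only a SYN creates state" rule and the TCP-only scope are assumptions of the model; the real option and its UDP behaviour may differ in detail.

```python
"""Simplified stateful-filter model for the asymmetric same-interface case.

Added example, not m0n0wall code. It models TCP only and assumes that
state is created solely by an initial SYN matching a pass rule (the usual
"flags S keep state" semantics); packets entering and leaving on the same
interface are skipped entirely when bypass_same_interface is set.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN_NET = "10.10.10.0/24"    # from the post
OVPN_NET = "10.11.10.0/24"   # OpenVPN virtual subnet from the post


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN-ACK, "A" = ACK (TCP only in this model)


class StatefulFilter:
    def __init__(self, pass_rules, bypass_same_interface=False):
        # Each rule: "pass from <net> to any keep state"
        self.pass_rules = [ip_network(n) for n in pass_rules]
        self.bypass_same_interface = bypass_same_interface
        self.state = set()   # established flows, keyed on the initiating direction
        self.log = []        # what the firewall log would show

    def filter(self, p, in_if, out_if):
        # Advanced option: do not filter packets that enter and leave on one interface
        if self.bypass_same_interface and in_if == out_if:
            return "pass"
        key = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        # A packet belonging to a known flow passes in either direction
        if key in self.state or rev in self.state:
            return "pass"
        # Only a SYN that matches a pass rule may create new state (assumption)
        if p.flags == "S" and any(ip_address(p.src) in net for net in self.pass_rules):
            self.state.add(key)
            return "pass"
        self.log.append(
            f"block {p.src}:{p.sport} -> {p.dst}:{p.dport} flags={p.flags} "
            f"in={in_if} out={out_if}"
        )
        return "block"


def asymmetric_flow(bypass):
    """OpenVPN client -> LAN host, as in the post. Returns (verdict, log)."""
    fw = StatefulFilter([LAN_NET, OVPN_NET], bypass_same_interface=bypass)
    client, server = "10.11.10.20", "10.10.10.50"   # assumed hosts
    synack = Packet(server, client, 22, 40000, "SA")
    # Forward SYN: 10.10.10.250 delivers it directly to 10.10.10.50 on the LAN
    # segment, so m0n0wall never sees it and no state entry exists.
    # Return SYN-ACK: 10.10.10.50 sends it to its gateway 10.10.10.1, which
    # routes it back out the LAN interface toward 10.10.10.250.
    verdict = fw.filter(synack, in_if="lan", out_if="lan")
    return verdict, list(fw.log)


def symmetric_flow():
    """Contrast: LAN host -> Internet, both halves cross the firewall."""
    fw = StatefulFilter([LAN_NET, OVPN_NET])
    syn = Packet("10.10.10.50", "203.0.113.10", 40001, 443, "S")
    synack = Packet("203.0.113.10", "10.10.10.50", 443, 40001, "SA")
    return fw.filter(syn, "lan", "wan"), fw.filter(synack, "wan", "lan")


if __name__ == "__main__":
    print("bypass off:", asymmetric_flow(bypass=False))
    print("bypass on: ", asymmetric_flow(bypass=True))
    print("symmetric: ", symmetric_flow())
```

With the bypass off the model logs exactly the kind of entry the post describes, a blocked packet destined for 10.11.10.XX, because the pass rules only ever create state from a SYN and the only SYN in this flow bypassed the firewall. The symmetric LAN-to-WAN flow passes in both directions because the SYN crossed the filter first. The alternative to the bypass option, if one wanted filtering on that traffic, would be to make the routing symmetric (for example, a static route on the LAN hosts for 10.11.10.0/24 via 10.10.10.250, so neither direction touches m0n0wall), but that is a design choice the post does not discuss.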