 From:  Lonnie Abelbeck <lists at lonnie dot abelbeck dot com>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Bypass firewall rules for traffic on the same interface
 Date:  Sat, 10 Mar 2007 18:57:27 -0600

I have a working configuration, but a question is bugging me.

The question centers around having multiple subnets on a single  

OpenVPN Server LAN IP:
OpenVPN Server virtual subnet:
LAN Static Route: (NET) (GW)

With the Advanced option "Bypass firewall rules for traffic on the same interface" checked, everything works as expected.

But, if I uncheck "Bypass firewall rules..." and start a UDP or TCP session from the net to the net, the forward path works, but the return path is blocked in m0n0wall. Even with LAN Firewall Rules:
"Pass" any LAN-subnet to any/any
"Pass" any OpenVPN-subnet to any/any

The return (destination 10.11.10.XX) is always blocked in m0n0wall (per firewall logging).

I am quite satisfied keeping "Bypass firewall rules..." checked, but I want to understand why m0n0wall is dropping LAN subnet1 to LAN subnet2 traffic in the firewall.