On 9/29/07, Joe Lagreca <joe at bignetonline dot com> wrote:
> If it is MTU issues, how can I correct it? Should I make the MTU smaller?
>

Don't do anything unless you run into problems. Using a NIC that properly supports hardware tagging is the proper solution; if you can't do that, reducing the MTU on all systems is an ugly workaround.

> I thought each interface denies all traffic by default, unless
> otherwise specified. Is that only applicable on the WAN interface?
> On the VLAN interfaces, I have only created a rule that allows
> everything outbound, like the default rule on the LAN to allow
> internet access. Since I didn't allow anything inbound, I can't
> understand why other interfaces are able to ping the clients.
>

Rules are only applied inbound to an interface (inbound always from the perspective of the firewall). If you allow everything on every interface, everything is allowed. The default on WAN and OPT interfaces is no rules, so everything is denied. If you add an allow all rule, you're bypassing that.

-Chris
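As an added illustration of Chris's point (this is not code from the thread or from pfSense itself), the following simplified Python model applies rules only on the interface a packet enters and treats an interface with no rules as deny-all. Interface names (lan, vlan10, wan), the two networks and the addresses are constructed assumptions; it shows why an "allow everything" rule on the VLAN interface lets a VLAN client's ping reach LAN, and how a destination-restricted rule changes that.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed model of pfSense-style rule evaluation: rules are checked only on
# the interface a packet ENTERS (inbound from the firewall's point of view),
# first match wins, and an interface with no rules denies everything.
# This is an illustration, not pfSense's real pf ruleset or code.

@dataclass
class Rule:
    action: str            # "pass" or "block"
    dst: str = "any"       # destination network in CIDR notation, or "any"
    proto: str = "any"     # "icmp", "tcp", "udp" or "any"

@dataclass
class Firewall:
    # interface name -> rules applied to traffic entering that interface
    rules: dict = field(default_factory=dict)

    def evaluate(self, in_iface: str, dst_ip: str, proto: str) -> str:
        """Return 'pass' or 'block' for a packet entering in_iface."""
        dst = ipaddress.ip_address(dst_ip)
        for rule in self.rules.get(in_iface, []):  # no rules -> default deny
            if rule.proto not in ("any", proto):
                continue
            if rule.dst != "any" and dst not in ipaddress.ip_network(rule.dst):
                continue
            return rule.action
        return "block"

# Constructed networks (assumptions, not from the thread)
LAN_NET = "192.168.1.0/24"
VLAN10_NET = "192.168.10.0/24"

def allow_all_vlan() -> Firewall:
    """The thread's setup: LAN and the VLAN each get an 'allow everything' rule."""
    return Firewall({
        "lan": [Rule("pass")],
        "vlan10": [Rule("pass")],
        "wan": [],  # no rules, so anything entering WAN is denied
    })

def restricted_vlan() -> Firewall:
    """VLAN clients may reach anything except the LAN network."""
    return Firewall({
        "lan": [Rule("pass")],
        "vlan10": [Rule("block", dst=LAN_NET), Rule("pass")],
        "wan": [],
    })
```

With the allow-all ruleset, a ping entering vlan10 bound for a LAN client passes because the only rule consulted is the one on vlan10; the LAN interface's rules never see it.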