 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0 and VLANs problem setting up
 Date:  Mon, 1 Oct 2007 16:16:17 -0400
On 10/1/07, Joe Lagreca <joe at bignetonline dot com> wrote:
> What is the need for the rule on the LAN that allows internet access?
> Is it there to let in any traffic from anywhere that was originated on
> the LAN?

Because without any rules, all traffic is dropped. If you don't allow
anything on the LAN, no traffic can go from the LAN interface to any
other interface.

> If I don't have any rules on the VLAN interfaces, then other VLANs
> should not be able to ping each other, correct?  Right now I think
> they can ping each other with no rules.

If you have no rules at all on your VLAN interfaces, it will drop all
traffic on those interfaces. Since routing was apparently working, you
have to have rules on the interfaces where traffic is being passed (at
least one of them; reply traffic is passed by the state table and is
not evaluated by any rules).
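
A simplified model of the behaviour described in the reply above, added here as an example; it is not part of the original message and is not m0n0wall's code. Interface names, addresses and flow labels are constructed, and a state is keyed only by address pair plus a flow label rather than by real protocol fields.

```python
# Simplified model: rules are evaluated on the interface a packet ARRIVES on,
# the default is drop, and replies to a passed flow match the state table
# without any rule lookup. All names and addresses below are constructed.
from ipaddress import ip_address, ip_network


class Firewall:
    def __init__(self, rules):
        # rules: {ingress interface: [(src_net, dst_net), ...]}, pass rules only
        self.rules = {
            iface: [(ip_network(s), ip_network(d)) for s, d in entries]
            for iface, entries in rules.items()
        }
        self.states = set()  # (src, dst, flow) of flows a rule has passed

    def handle(self, in_if, src, dst, flow):
        """Return 'state', 'rule' or 'drop' for a packet arriving on in_if."""
        # Existing flow in either direction: passed by state, rules not consulted.
        if (src, dst, flow) in self.states or (dst, src, flow) in self.states:
            return "state"
        for src_net, dst_net in self.rules.get(in_if, []):
            if ip_address(src) in src_net and ip_address(dst) in dst_net:
                self.states.add((src, dst, flow))  # first packet creates state
                return "rule"
        return "drop"  # no matching rule on the ingress interface


def scenario():
    # One pass rule on VLAN10, no rules at all on VLAN20.
    fw = Firewall({"VLAN10": [("192.168.10.0/24", "0.0.0.0/0")], "VLAN20": []})
    a, b = "192.168.10.5", "192.168.20.5"
    return [
        fw.handle("VLAN20", b, a, "ping-1"),  # VLAN20 host initiates
        fw.handle("VLAN10", a, b, "ping-2"),  # VLAN10 host initiates
        fw.handle("VLAN20", b, a, "ping-2"),  # reply arrives on ruleless VLAN20
        fw.handle("VLAN20", b, a, "ping-3"),  # VLAN20 host tries a new flow
    ]


def no_rules_anywhere():
    # With no rules on either interface, nothing is routed between VLANs.
    fw = Firewall({"VLAN10": [], "VLAN20": []})
    return fw.handle("VLAN10", "192.168.10.5", "192.168.20.5", "ping-1")


if __name__ == "__main__":
    print(scenario(), no_rules_anywhere())
```

If hosts on two VLANs can ping each other, at least one of the two interfaces has a pass rule matching that traffic; isolating them means removing or narrowing that rule rather than relying on the other interface being empty.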