 From:  Wilko Lunenburg <wilko at sassenheim dot net>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  traffic from outside on bridged lan
 Date:  Wed, 14 Nov 2007 18:17:37 +0100
I run monowall with three interfaces, one for WAN and two for my LAN. 
The first for the LAN is directly connected to the physical LAN, the 
other is connected to an AccessPoint and I call it WLAN. This second one 
(WLAN) is bridged to the LAN interface. So both share the same IP range 
(192.168.77.x).

On this WLAN interface the rules are somewhat more restricted than on 
the LAN.

What I don't understand is that I see traffic being blocked by monowall 
that seems to come from ip-addresses on the internet like 71.28.82.220 
or 189.188.32.99 but coming in on the WLAN interface!

I am pretty sure they cannot come in on the AccessPoint itself as it 
is running with a hidden SSID, WPA2 combined with MAC address filtering.

And there is no NAT rule sending anything from the WAN interface to the 
WLAN interface, the only NAT there is one redirecting port 25 to my 
mail-server that is on the LAN.

But the traffic being blocked is *mostly* towards this port 25. Like 
this one: WLAN 189.188.32.99, port 2410 192.168.77.253, port 25.
The mail-server is on that ip-address. It is just that you cannot reach 
it from the WLAN interface, only from WAN.


So where do they come from?

Wilko