 Yannick Bréhon
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject: Firewall not respecting rules ?!?
 Date: Mon, 21 Jul 2008 11:00:30 +0200
I have been using m0n0 for quite a while now as my company's router and
firewall, with great results I must say, but I have recently run into
some trouble while changing things in my network.

I have computers sitting behind the WAN interface, and others behind the
LAN one. Even when I add "pass-all" rules on both those interfaces (and
reset states), m0n0 doesn't let traffic go from LAN to WAN in some very
specific circumstances. These are summarized here:
LAN will ping WAN without any trouble
WAN will ping LAN, the LAN computers receive the PING request, send a
PING response which is filtered by m0n0.
Same thing with SSH, etc. (i.e., computers sitting on the LAN side can
easily ssh into boxes on the WAN side, but the contrary is not true. WAN
computers receive the TCP open packet, reply, and m0n0wall filters
this reply.)

I even see the firewall log saying it has actively filtered the TCP
responses from LAN to WAN, though I have no "block" rules set up... In
fact there is even a proper state created in the firewall states in the
WAN->LAN direction, and yet the replies are blocked.

I am really puzzled by this behavior, and would appreciate any help and
advice you might have!