 From:  Yannick Bréhon <y dot brehon at qiplay dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall not respecting rules ?!?
 Date:  Wed, 23 Jul 2008 10:57:31 +0200
Hello again
I have fiddled some more with my m0n0wall, unsuccessfully. Would anybody
know why the m0n0, when there are "pass-all" rules (i.e. any proto, any
source/dest, any port allowed) on all interfaces, might still reject
some traffic? Maybe this is a known bug??
Thanks for your help,
Yannick


> Actually that page is for a filtered bridge. This is not my
> configuration, since the 2 m0n0wall interfaces have 2 different IP
> addresses. I need my configuration to have these 2 subnets connected by
> a router and not a switch, this is important.
> 

>> sorry, I meant http://doc.m0n0.ch/handbook/examples-filtered-bridge.html
>>
>> no nat means you want a transparent firewall.
>>
>> sai
>>
>>

>>> Actually, behind my WAN interface is 192.168.1.0 / 24 and behind my LAN
>>>  interface is 192.168.128.0 / 17.
>>>  the "real" IP address is behind my ADSL box with 192.168.1.1
>>>
>>>  So it looks like this:
>>>
>>>  Internet
>>>    |
>>>  192.168.1.1
>>>    |
>>>   ----------
>>>   |        |
>>>  BOX      Monowall
>>>              |_192.168.128.0/17
>>>
>>>  Problem is that I would like my BOX to SSH into the "monowalled"
>>>  network, without NATting through the Monowall, but using "regular" routing.
>>>  Is that not possible??
>>>
>>>

>>>
>>>> assuming your LAN is private IP addresses and your WAN is real ip addresses
>>>>
>>>> <1> you need to add NAT rules.
>>>> <2> ping is not good at being natted....if you have many pings going
>>>> at the same time some may not work
>>>>
>>>> sai
>>>>
>>>>

>>>>> Hello!
>>>>> I have been using m0n0 for quite a while now as my company's router and
>>>>> firewall, with great results I must say, but I have recently run into
>>>>> some trouble while changing things in my network.
>>>>>
>>>>> I have computers sitting behind the WAN interface, and others behind the
>>>>> LAN one. Even when I add "pass-all" rules on both those interfaces (and
>>>>> reset states), m0n0 doesn't let traffic go from LAN to WAN in some very
>>>>> specific circumstances. These are resumed here:
>>>>> LAN will ping WAN without any trouble.
>>>>> WAN will ping LAN, the LAN computers receive the PING request, send a
>>>>> PING response which is filtered by m0n0.
>>>>> Same thing with SSH, etc. (i.e. computers sitting on the LAN side can
>>>>> easily ssh into boxes on the WAN side, but the contrary is not true. WAN
>>>>> computers receive the TCP open packet, reply, and the m0n0wall filters
>>>>> this reply.)
>>>>>
>>>>> I even see the firewall log saying it has actively filtered the TCP
>>>>> responses from LAN to WAN, though I have no "block" rules set up... In
>>>>> fact there is even a proper state created in the firewall states in the
>>>>> WAN->LAN direction, and yet the replies are blocked.
>>>>>
>>>>> I am really puzzled by this behavior, and would appreciate any help and
>>>>> advice you might have!
>>>>>
>>>>> Thank you very much,
>>>>> Yannick
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>>>
>>>>>
>>>>
>>>>
>>>
>>