 
 From:  "Nuno Meireles" <nuno dot meireles at cm dash penela dot pt>
 To:  "Monowall User List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  FW: [m0n0wall] lan firewall rules
 Date:  Fri, 14 Nov 2008 09:20:20 -0000
Nuno Meireles (nuno dot meireles at cm dash penela dot pt)
IT Technician
_____________________________________
Município de Penela 
Praça do Município 3230-253 Penela 
(T) 239 560 120
(F) 239 569 400
(W)  http://www.cm-penela.pt



-----Original message-----
From: Nuno Meireles [mailto:nuno dot meireles at cm dash penela dot pt] 
Sent: Friday, 14 November 2008 9:20
To: 'Tim Nelson'
Subject: RE: [m0n0wall] lan firewall rules

Thanks for the help. The solution is so easy and I don't see it... when I block all traffic from the
LAN subnet, I lost the internet connection.



Nuno Meireles 

-----Original message-----
From: Tim Nelson [mailto:tnelson at rockbochs dot com] 
Sent: Thursday, 13 November 2008 19:12
To: Monowall User List
Subject: Re: [m0n0wall] lan firewall rules

You haven't actually said what type of problem you're having... however looking at your rules... I'd
say there are a few changes you need to make.

1. Your port assignments should be in the "Destination" fields, not the "Source" fields.
2. Your rule for DNS should also/instead allow UDP.
3. Source should always be LAN net for that interface.
4. UDP is unneeded on protocols FTP, HTTPS, and SMTP.

Please make those changes and post more information if the problems persist.

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105

----- "Nuno Meireles" <nuno dot meireles at cm dash penela dot pt> wrote:

> I set up a monowall box today, but have some with the firewall rules.
> 
> I need to allow traffic from LAN->WAN: http ftp pop smtp and block
> everything else.
> 	
> This is my setup
> 
> Proto    Source   Port         Dest  Port
> TCP      *        53 (DNS)     *     *
> TCP      LAN net  80 (HTTP)    *     *
> TCP      *        110 (POP3)   *     *
> TCP/UDP  *        25 (SMTP)    *     *
> TCP/UDP  *        443 (HTTPS)  *     *
> TCP/UDP  *        21 (FTP)     *     *
> TCP      LAN net  *            *     *
> 
> Can you help???
> 
> Nuno Meireles
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
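
The four corrections from the reply, applied to the rule table in the quoted post, as an added example that is not part of the original thread. The tuple layout, the finding names and the function names are assumptions made for illustration; this is not m0n0wall code.

```python
# Added example: lint the posted LAN rules against the reply's four points.
# Rule = (proto, source, source_port, dest, dest_port); "*" means any.
POSTED_RULES = [  # transcribed from the table in the quoted post
    ("TCP", "*", "53", "*", "*"),
    ("TCP", "LAN net", "80", "*", "*"),
    ("TCP", "*", "110", "*", "*"),
    ("TCP/UDP", "*", "25", "*", "*"),
    ("TCP/UDP", "*", "443", "*", "*"),
    ("TCP/UDP", "*", "21", "*", "*"),
    ("TCP", "LAN net", "*", "*", "*"),
]
DNS_PORT = "53"
TCP_ONLY_PORTS = {"21": "FTP", "443": "HTTPS", "25": "SMTP"}  # point 4


def lint_rule(rule):
    """Return the reply's points that this rule violates (hypothetical names)."""
    proto, src, sport, _dst, dport = rule
    protos = set(proto.split("/"))
    service = dport if dport != "*" else sport  # port the rule is about
    findings = []
    if sport != "*":                      # point 1: port belongs in Destination
        findings.append("port-in-source")
    if service == DNS_PORT and "UDP" not in protos:   # point 2
        findings.append("dns-needs-udp")
    if src != "LAN net":                  # point 3: source is LAN net
        findings.append("source-not-lan-net")
    if service in TCP_ONLY_PORTS and "UDP" in protos:  # point 4
        findings.append("udp-unneeded")
    return findings


def fix_rule(rule):
    """Apply the four corrections and return the rewritten rule."""
    proto, _src, sport, dst, dport = rule
    if sport != "*" and dport == "*":
        sport, dport = "*", sport         # move service port to Destination
    if dport == DNS_PORT:
        proto = "TCP/UDP"                 # DNS also allows UDP
    elif dport in TCP_ONLY_PORTS:
        proto = "TCP"                     # drop the unneeded UDP
    return (proto, "LAN net", sport, dst, dport)


if __name__ == "__main__":
    for r in POSTED_RULES:
        print(r, lint_rule(r), "->", fix_rule(r))
```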
