Hi,
Fabrizio Steiner wrote:
> I have a problem with a Monowall, which I would like to configure as
> a transparent firewall. As for this, I've bridged the WAN interface
> with the Opt1 interface. Now I wanted to have some special Firewall
> Rules for the incoming traffic, e.g. allow only https; this rule has
> to be defined on the WAN interface. On the other hand, for the
> outgoing traffic I want to allow all traffic, and for this there's an
> allow "any to any" rule on the Opt1 interface. Unfortunately the
> rule on Opt1 doesn't apply to traffic that comes from the Opt1
> interface; instead, for traffic that comes from Opt1 the rules of
> the WAN apply. But this rule prevents any traffic except https, and
> therefore no communication is possible from Opt1 over the WAN to the
> outside world.
>
> For testing purposes I've again created an allow "any to any" rule on
> the WAN interface and I've set up both allow "any to any" rules to be
> logged. If you have some traffic from Opt1 to the outside world
> and take a look at the Firewall Log, you will see that the rule on
> the WAN is used instead of the one on Opt1.
>
> Using the same configuration with 1.3b16 works as expected, and the
> Opt1 rule applies, which is correct. Using 1.3b17 and newer, the WAN
> rule applies, so this must be due to the change from "BRIDGE to
> if_bridge".
I too noticed this problem with 1.3 a while back and reverted to 1.2.
Unfortunately I haven't yet had the chance to run up a test firewall and
double-check things.
I had the rules initially on OPT1, as per my 1.2 config, upgraded to 1.3
and everything appeared OK. I think I then rebooted the machine and
everything on OPT1 stopped working so I migrated all of the rules to the
WAN interface and it started working again! And then for some reason it
flipped back so I had to migrate the rules back to OPT1!
I also remember severe performance problems certainly on LAN <-> WAN
traffic such that traffic was being limited to about 1Mbps. Reverting
to 1.2 on the same hardware gave me the full 7Mbps of my ADSL connection.
Regards,
Neil.