 From:  "Jewell, Michael" <mjewell at law dot umaryland dot edu>
 To:  "Brieseneck, Arne, VF-Group" <Arne dot Brieseneck at vodafone dot com>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: Routing problem
 Date:  Mon, 11 Oct 2010 11:41:32 -0400
Going by your initial email with sparse information... I never said you couldn't put more
restrictive rules in later, but initial diagnostics of what's wrong are much simpler with "any any"
rules. You did say you had "any any" rules, but you never stated a protocol or interface they were
assigned to.

> The rule set is ANY-ANY so far and I see the traffic passing the firewall. 

If you don't want help or want to give unhelpful responses, then don't post to the listserv. Most
people who are unfamiliar with firewall rules do not know that pings are ICMP and not TCP/UDP or
TCP/IP and require their own specific rules. It's not a routing limitation of m0n0wall.

-Mike

-----Original Message-----
From: Brieseneck, Arne, VF-Group [mailto:Arne dot Brieseneck at vodafone dot com] 
Sent: Monday, October 11, 2010 1:56 AM
To: Jewell, Michael; m0n0wall at lists dot m0n0 dot ch
Subject: RE: Routing problem

Standard IP any any. So it is not worth calling it a firewall...

-----Original Message-----
From: Jewell, Michael [mailto:mjewell at law dot umaryland dot edu] 
Sent: 08 October 2010 20:10
To: Brieseneck, Arne, VF-Group
Subject: RE: Routing problem

Do you have an ICMP any any rule?  Or just the standard IP any any?

-Mike


-----Original Message-----
From: Brieseneck, Arne, VF-Group [mailto:Arne dot Brieseneck at vodafone dot com]
Sent: Friday, October 08, 2010 11:09 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Routing problem

Hi all,

I have a strange problem and I don't know a solution.

The situation is like this:
I have a monowall running with a LAN, a WAN and several OPT interfaces.
The monowall itself has 3 physical interfaces.
1 -> WAN
2 -> LAN
3 -> NAS

The OPT interfaces are all on VLANs but the NAS, that is physical. LAN
and WAN are on physical as well but are VLAN tagged.

When I am on the GUI of monowall I can ping every host in the NAS
network without any problem from the NAS interface.
But when I try that from any other interface it does not work. The rule
set is ANY-ANY so far and I see the traffic passing the firewall.

On the other side I have a storage system. Default GW is the IP of the
NAS interface of the wall. That is working fine. I can ping the wall and
I can access other systems on other OPT networks without a problem. But
from the OPT networks towards any server in the NAS network is not
possible. But you can reach the IP of the NAS interface of course.

I wonder if there is a routing limitation in monowall...

Any help is highly appreciated.

Cheers
Arne
