[ previous ] [ next ] [ threads ]
 From:  "Neil Schneider" <pacneil at linuxgeek dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Problems with routing over ipsec tunnel
 Date:  Wed, 17 Mar 2004 04:07:34 -0800 (PST)
I have two wireless cards running ipsec between them. Both are configured
for other than WAN interfaces. One is configured with a bogus WAN
interface and a default route set for the wireless interface, to avoid
some of the built in firewall rules of m0n0wall. The default route points
to the wireless interface. The second is connected to a public T-1. I can
route traffic just fine between the two subnets. However when someone
connected to the first machine tries to connect to the internet their
traffic gets stopped by rule 15 in m0n0wall. It appears I have two rule
@15 pass out quick on wi0 from any to any keep state
@15 block in log quick on wi0 from any to any

Which I suppose makes sense, because I have a rule in m0n0wall that says:
Proto  Source  Port  Destination  Port  Description
  *       *      *        *         *

So why do I see these errors when a client on the network
tries to connect out to the internet?

ipmon[69]: 15:18:55.528267 wi0 @0:15 b,1139 ->,80 PR tcp len 20 48 -S IN

And the connection fails.

Neil Schneider                              pacneil_at_linuxgeek_dot_net
Key fingerprint = 67F0 E493 FCC0 0A8C 769B  8209 32D7 1DB1 8460 C47D

Fires can't be made with dead embers, nor can enthusiasm be stirred by
spiritless men. Enthusiasm in our daily work lightens effort and turns
even labor into pleasant tasks. --James Baldwin