 From:  Michael Østergaard Pedersen <michael at bytopia dot dk>
 Cc:  M0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Problem with static routes
 Date:  Sun, 16 May 2004 21:03:52 +0200
The closest match to that rule I have is the following:

@2 pass in quick from 192.168.1.0/24 to any keep state group 100

But that should do the trick I think (I am a Linux guy so I am not really 
that good at reading these rules :)

-Michael

Martin Holst wrote:
> Hi Michael!
> 
> I believe that stateful inspection should only be applied to RETURN packets from the 172.16.0.0-net to LAN.
> 
> You probably have a pass rule on the LAN interface looking something like this:
> "pass in quick proto tcp from 192.168.1.0/24 to 172.16.1.1/32 port = 22 keep state"
> 
> That should ensure that ANY ssh packets from LAN to 172.16.1.1 are passed - no matter the state.
> m0n0wall will inspect return packets from 172.16.1.1 to LAN - and (hopefully) pass them according to the implicit allow through "keep state" in the aforementioned rule.
> 
> (I'm still a newbie when it comes to networking - so I may be completely off here).
> 
> /Martin