 From:  "Martin Holst" <mail at martinh dot dk>
 To:  <christian at nyegaard dot net>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>, "Michael Østergaard Pedersen" <michael at bytopia dot dk>
 Subject:  RE: [m0n0wall] Possible bug: LAN redirection via static route
 Date:  Mon, 17 May 2004 14:51:45 +0200
Hi Chris!

There's only one m0n0wall - 192.168.1.254 is another router (Router2)
Setup is like this:

       WAN
        |
    +--------+
    |m0n0wall|---DMZ
    +--------+
        |                        +-------+
       LAN--------192.168.1.254--|Router2|--172.16.1.1
                                 +-------+

Only the first SYN-packets are passed via rule @2 - all others are apparently blocked by @68.

/Martin

-----Original Message-----
From: Christian Nyegaard [mailto:christian at nyegaard dot net] 
Sent: 17. maj 2004 14:33
To: Martin Holst
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Possible bug: LAN redirection via static route

Hi,


> What could cause m0n0wall to skip this rule:
> "@2 pass in quick from 192.168.1.0/24 to any keep state group 100"
> And apply this one instead?
> "@68 block in log quick proto tcp from any to any"

The @2 rule there.. Which m0n0wall is this on? 

I might've misunderstood this completely, but that is a pass in quick rule
on the monowall so I presume this rule is on the m0n0wall in front
of the 172.16 network?

You may also want to enable logging for @2 to see if it's actually
noticing anything going by it.

Then again I might've completely missed the point and be way off here.


-Chris

