[ previous ] [ next ] [ threads ]
 
 From:  =?ISO-8859-1?Q?Michael_=D8stergaard_Pedersen?= <michael at bytopia dot dk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Possible bug: LAN redirection via static route
 Date:  Tue, 18 May 2004 14:47:04 +0200 (CEST) 
I have solved the problem (I think). I wouldn't call it a bug in m0n0wall,
but rather a side effect of how stateful firewalls work.

By executing the command:

echo '@67 pass in quick on dc0 from 192.168.1.0/24 to any' | ipf -f -

it suddenly works. The other rule that should have allowed the traffic:

@2 pass in quick from 192.168.1.0/24 to any keep state group 100

Doesn't work because of the "keep state" (or "group") and as I described
before is has no state for the packet that arrives later so it is dropped.

If someone can explain the exact cause of this I am very interested.

-Michael