I sniffed packets between my host and m0n0's LAN interface and I saw
that m0n0 answered with correct MAC address (LAN) to the ARP request
from my host so it's not likely that this is ARP problem.
>Friday, July 9, 2004, 8:22:02 AM, Kolia (nika at hotmail dot ge) wrote:
>K> Recently I downloaded latest beta of the m0n0wall (1.1b15) and tried to
>K> acomplish following:
>K> | |
>K> inet <-------> WAN [m0n0] OPT1 <------> customers
>K> i.e. want bridging with filtering between WAN and OPT1 and management on
>K> LAN interface.
>K> I assigned an IP address to LAN interface and was able to get into
>K> WebGUI. Then I went to 'OPT1' page and setup bridging between WAN and
>K> OPT1. So far so good. Then I tried to enable OPT1 interface and as soon
>K> as did this m0n0 GUI stopped responding although traffic between WAN and
>K> OPT1 was Ok. I also wasn't able to ping LAN interface. Rebooting m0n0
>K> didn't help and I was forced to reset config. I played with firewall
>K> rules and allowed any to any on all interfaces but no success.
>K> Then I burned iso image with 1.0.img and got what I wanted. Any ideas of
>K> what I was doing wrong with 1.1b15?
>K> Thank you in advance,
>I'm running pretty much the same configuration as you and wondering if
>this is the same problem I had when I switched from a PC based
>m0n0wall to a WRAP board.
>Basically, as the OPT1 interface was running in promiscuous mode (so it
>could form the bridge) it was responding to all ARP requests for the
>LAN interface hardware address, before the LAN interface itself
>managed to reply which meant that traffic for the LAN interface get
>redirected through the bridge.
>To test if it is this, try setting a static entry for the LAN IP
>address in your client PCs ARP table and see if you can now connect to the
>m0n0wall admin pages.
>To actually fix the problem once I'd identified it (and that took me
>quite a while) I simply swapped the Network Ports for LAN and OPT1
>over in the Assign Network Ports page on M0n0 and I haven't had a
>problem since (though an alternative if this doesn't work is to set up
>your client PCs to load the static ARP entry into the table at boot).
>Hope this helps.