 From:  Alex Bihlmaier <thalunil at kallisti dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Second m0n0wall as filtering, 1 ethernet interface for in/out
 Date:  Tue, 20 Jul 2004 19:55:26 +0200
Hi Guys.

I want to use the m0n0wall software/FreeBSD package as a second packet
filter in my LAN.

There is an existing NAT Gateway and the m0n0wall appliance should be
the standard gateway in the LAN. Then, the m0n0wall should forward all
outgoing packets to the existing packet filter.

I set up the LAN Interface (sis0) correctly; in the WAN (sis1) Properties
I used a host in the network of sis0 as default gateway (netstat -r -n
confirms this).

I can PING an external host, but TCP Communication fails.
The syslogd shows:

shuttle ipmon[65]: 13:40:17.999310 sis0 @0:11 b,1158 ->,80 PR tcp len 20 255 -AP IN

As far as I can see, this packet was captured by ipmon because of the
default blocking rule.
BUT I have an allow-all rule from this subnet to any.

The "WAN Interface" (sis1) doesn't have an active ethernet link.
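
Added example, not part of the original post: a small parser for ipmon log lines like the one quoted above, following the field layout documented in ipmon(8) (interface, @group:rule, action letter, addresses, protocol, lengths, TCP flags, direction). The second sample line and its addresses are constructed; the helper name blocked_midstream is hypothetical.

```python
import re

# Action and TCP flag letters as documented in ipmon(8).
ACTIONS = {"p": "pass", "b": "block", "S": "short", "n": "nomatch", "L": "log"}
TCP_FLAGS = {"F": "FIN", "S": "SYN", "R": "RST", "P": "PUSH", "A": "ACK", "U": "URG"}

LINE_RE = re.compile(
    r"(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:\d+x\s+)?"                                  # optional repeat count ("2x")
    r"(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>[pbSnL])\s*"
    r"(?P<src>[^\s,]*)(?:,(?P<sport>\S+))?\s+->\s*"  # addresses may be absent
    r"(?P<dst>[^\s,]*)(?:,(?P<dport>\S+))?\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?:\s+-(?P<flags>[A-Z]+))?"                    # TCP flags, e.g. "-AP"
    r".*?(?P<dir>IN|OUT)?\s*$"
)

def parse_ipmon(line):
    """Return a dict of decoded fields, or None if the line is not an ipmon record."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["action"] = ACTIONS[rec["action"]]
    for key in ("group", "rule", "hlen", "plen"):
        rec[key] = int(rec[key])
    rec["flags"] = [TCP_FLAGS.get(c, c) for c in (rec["flags"] or "")]
    return rec

def blocked_midstream(rec):
    """True for a blocked TCP segment that carries flags but no SYN,
    i.e. a segment that is not opening a new connection."""
    return (rec["action"] == "block" and rec["proto"] == "tcp"
            and bool(rec["flags"]) and "SYN" not in rec["flags"])

# Line as quoted in the post (the addresses are absent there).
PAGE_LINE = ("shuttle ipmon[65]: 13:40:17.999310 sis0 @0:11 b,1158 ->,80 "
             "PR tcp len 20 255 -AP IN")
# Constructed line with documentation addresses, for comparison.
SAMPLE_LINE = ("fw ipmon[65]: 13:40:18.120001 sis0 @0:3 p 192.0.2.10,1159 -> "
               "198.51.100.7,80 PR tcp len 20 48 -S K-S IN")

if __name__ == "__main__":
    for line in (PAGE_LINE, SAMPLE_LINE):
        rec = parse_ipmon(line)
        print(rec["iface"], rec["group"], rec["rule"], rec["action"],
              rec["flags"], rec["dir"], "midstream-block:", blocked_midstream(rec))
```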