 From:  Jukka Salmi <j+m0n0wall at 2004 dot salmi dot ch>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  interfering filter rule
 Date:  Fri, 23 Jul 2004 16:37:56 +0200
Hi,

because I'd like to filter IPsec VPN traffic I set up m0n0wall as a
filtering bridge between LAN and another m0n0wall box (which acts as
the default gateway for LAN hosts):

    inet|-------|m0n0-gw|-----|m0n0-br|-----|LAN
               WAN     LAN   OPT1    LAN
                    |
          v.w.x.y/z |     192.168.0.0/24
         -----------+---------------------------

On m0n0-gw I redirect some port to LAN hosts. Even though m0n0-br
has explicit rules to let these connections pass they are blocked
because of an automatically generated rule which is evaluated
earlier:

	block in log quick on sis2 from !192.168.0.0/24 to any

(sis2 is the OPT1 interface)

Removing this rule solves the problem.

Is this a bug in m0n0wall or am I missing something?


TIA, Jukka

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
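
The rule ordering described in the message, modelled as an added example (not part of the original post and not m0n0wall's own code). It implements IPFilter's matching semantics (last match wins, `quick` stops evaluation) and assumes the redirect on m0n0-gw rewrites only the destination address; the pass rule, the client address 203.0.113.7 and port 80 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    iface: str                   # interface the rule is bound to
    src: str                     # source CIDR, "!" prefix negates it
    dport: Optional[int] = None  # None matches any destination port
    quick: bool = False          # stop evaluating once this rule matches

    def matches(self, iface, src_ip, dport):
        if iface != self.iface:
            return False
        negate = self.src.startswith("!")
        net = ipaddress.ip_network(self.src.lstrip("!"))
        in_net = ipaddress.ip_address(src_ip) in net
        if in_net == negate:     # negated rule hit by inside address, or vice versa
            return False
        return self.dport is None or self.dport == dport

def evaluate(rules, iface, src_ip, dport, default="block"):
    """Return (action, rule index): last match wins unless a quick rule matches."""
    verdict = (default, None)
    for i, rule in enumerate(rules):
        if rule.matches(iface, src_ip, dport):
            verdict = (rule.action, i)
            if rule.quick:
                break
    return verdict

# The automatically generated rule quoted in the message.
ANTISPOOF = Rule("block", "sis2", "!192.168.0.0/24", quick=True)
# Constructed stand-in for the explicit pass rule on the bridge.
USER_PASS = Rule("pass", "sis2", "0.0.0.0/0", dport=80, quick=True)

def demo():
    # Constructed packet: internet client forwarded by m0n0-gw, source unchanged.
    forwarded = ("sis2", "203.0.113.7", 80)
    with_auto = evaluate([ANTISPOOF, USER_PASS], *forwarded)
    without_auto = evaluate([USER_PASS], *forwarded)
    from_lan_net = evaluate([ANTISPOOF, USER_PASS], "sis2", "192.168.0.1", 80)
    return with_auto, without_auto, from_lan_net

if __name__ == "__main__":
    print(demo())
```

Because the forwarded packet still carries its internet source address when it enters sis2, the earlier `quick` block rule ends evaluation before the pass rule is reached; only traffic sourced from 192.168.0.0/24 gets as far as the explicit rules.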