Bruce A. Mah --> m0n0wall (2004-07-23 08:03:03 -0700):
> For future reference: It took me awhile to figure out that the above
> means that m0n0-gw's WAN interface is v.w.x.y./z and everything to the
> right is supposed to be a part of 192.168.0.0/24. At first I thought
> the vertical line was another network.

Indeed, you're right. That was a bad choice for separator characters.
But you interpreted it correctly.

> If OPT1 is the unnumbered bridge interface, the rules generator might be
> trying to generate the anti-spoofing rules corresponding to the other
> side of the bridge (the LAN interface). This would be consistent with
> the rule you showed above.

That makes sense. I should probably read the code of the rule

> So one thing to try might be to reconfigure m0n0-br with a WAN interface
> facing towards m0n0-gw and its OPT1 interface facing towards your LAN.
> Bridge the OPT1 interface to the WAN.

I'll try that, thanks for the hint.

However, AFAICT the m0n0wall GUI won't let me set up the WAN interface
without an IP address (except if I configured it to use DHCP and
there's no dhcpd, but that's not very nice...); on the other hand
I could use an IP address on the LAN side (to access webGUI). So
maybe I'll try it the other way round: WAN interface towards LAN,
and OPT1 (bridged with WAN) towards the real gateway.

But first of all, I'll read the code...

Thanks for your help!

$ ((RANDOM%6)) || rm -rf ~