Hi,

Bruce A. Mah --> m0n0wall (2004-07-23 08:03:03 -0700):
> For future reference: It took me awhile to figure out that the above
> means that m0n0-gw's WAN interface is v.w.x.y./z and everything to the
> right is supposed to be a part of 192.168.0.0/24. At first I thought
> the vertical line was another network.

Indeed, you're right. That was a bad choice for separator characters.
But you interpreted it correctly.

> <speculation>
>
> If OPT1 is the unnumbered bridge interface, the rules generator might be
> trying to generate the anti-spoofing rules corresponding to the other
> side of the bridge (the LAN interface). This would be consistent with
> the rule you showed above.

That makes sense. I should probably read the code of the rule generator...

> So one thing to try might be to reconfigure m0n0-br with a WAN interface
> facing towards m0n0-gw and its OPT1 interface facing towards your LAN.
> Bridge the OPT1 interface to the WAN.
>
> </speculation>

I'll try that, thanks for the hint. However, AFAICT the m0n0wall GUI
won't let me set up the WAN interface without an IP address (except if I
configured it to use DHCP and there's no dhcpd, but that's not very
nice...); on the other hand I could use an IP address on the LAN side
(to access webGUI). So maybe I'll try it the other way round: WAN
interface towards LAN, and OPT1 (bridged with WAN) towards the real
gateway.

But first of all, I'll read the code...

Thanks for your help!

Cheers,
Jukka

--
bashian roulette: $ ((RANDOM%6)) || rm -rf ~