I have 5 interfaces and it works fine:
LAN
ip: 192.168.100.xxx
rules:
pass tcp/udp from lan subnet to 192.168.100.254 port 53
(allow dns)
pass any from lan subnet to NOT network 192.168.0.0/16
(this rule allows internet but not
the other interfaces)
block any from any to any
(block everything else)
OPT1
ip: 192.168.11.xxx
rules:
pass tcp/udp from opt1 subnet to 192.168.11.254 port 53
pass any from opt1 subnet to NOT network 192.168.0.0/16
block any from any to any
OPT2
ip: 192.168.2.xxx
rules:
pass tcp/udp from opt2 subnet to 192.168.2.254 port 53
pass any from opt2 subnet to NOT network 192.168.0.0/16
block any from any to any
OPT3
ip: 192.168.200.xxx
rules:
pass tcp/udp from opt3 subnet to 192.168.200.254 port 53
pass any from opt3 subnet to NOT network 192.168.0.0/16
block any from any to any
--
lola
> From: "Jon Tackabury" <jtackabury at binaryfortress dot com>
> Date: Mon, 2 Aug 2004 00:38:49 -0400
> To: <m0n0wall at lists dot m0n0 dot ch>
> Subject: [m0n0wall] Destination Network
>
> Hi,
> I've implemented my m0n0wall now, and it's working fairly well. I have 4
> interfaces on the firewall however, and I don't want any of them to be able
> to talk to each other. However, I need to create a rule that says "Allow
> traffic coming in OPT1 to the Internet (or WAN subnet)". Right now this
> doesn't seem possible. I can create rules that say "Allow if OPT1 is NOT
> going to OPT2"... but then it gets allowed, even if it is going to OPT3
> (which is a bad thing). Is it possible to get a destination
> interface/subnet for the WAN interface? Or is there a current way that I
> can configure this?
>
> Thanks,
> Jon
>
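Added example, not part of the thread above and not m0n0wall code: a small first-match rule simulator in Python that replays lola's three-rule set against sample packets, so you can check on paper that each segment reaches DNS on its gateway and the Internet but none of the other 192.168.x.x segments. Assumptions are mine: /24 masks (the post only gives 192.168.x.xxx and the .254 gateways), top-to-bottom first-match evaluation with implicit deny, 198.51.100.7 as a stand-in Internet host, and a hypothetical fifth segment on 10.0.4.0/24 used only to show the caveat.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp", "tcp/udp" or "any"
    src: str               # source CIDR, or "any"
    dst: str               # destination CIDR, or "any"
    dst_negate: bool       # True models the "NOT" box on the destination
    dport: Optional[int]   # destination port, None = any


class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: Optional[int]


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and pkt.proto not in rule.proto.split("/"):
        return False
    if rule.src != "any" and ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if rule.dst != "any":
        in_dst = ip_address(pkt.dst) in ip_network(rule.dst)
        if in_dst == rule.dst_negate:      # "NOT" inverts the destination test
            return False
    if rule.dport is not None and pkt.dport != rule.dport:
        return False
    return True


def evaluate(rules, pkt: Packet) -> str:
    """First matching rule decides; anything unmatched is dropped (assumed)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"


def segment_rules(subnet: str, gateway: str):
    """The three-rule set lola applies on every internal interface."""
    return [
        Rule("pass", "tcp/udp", subnet, gateway + "/32", False, 53),
        Rule("pass", "any", subnet, "192.168.0.0/16", True, None),
        Rule("block", "any", "any", "any", False, None),
    ]


# Assumed /24 masks; the post only gives 192.168.x.xxx and the .254 gateways.
SEGMENTS = {
    "LAN":  ("192.168.100.0/24", "192.168.100.254"),
    "OPT1": ("192.168.11.0/24",  "192.168.11.254"),
    "OPT2": ("192.168.2.0/24",   "192.168.2.254"),
    "OPT3": ("192.168.200.0/24", "192.168.200.254"),
}
INTERNET_HOST = "198.51.100.7"   # TEST-NET-2 address standing in for an Internet server


def isolation_report(segments=SEGMENTS):
    """Per segment: DNS to its gateway, Internet, the gateway's web port, and each other segment."""
    report = {}
    for name, (subnet, gw) in segments.items():
        rules = segment_rules(subnet, gw)
        host = str(ip_network(subnet)[10])
        result = {
            "dns": evaluate(rules, Packet("udp", host, gw, 53)),
            "internet": evaluate(rules, Packet("tcp", host, INTERNET_HOST, 443)),
            "gateway_http": evaluate(rules, Packet("tcp", host, gw, 80)),
        }
        for other, (other_subnet, _) in segments.items():
            if other != name:
                target = str(ip_network(other_subnet)[20])
                result[other] = evaluate(rules, Packet("tcp", host, target, 445))
        report[name] = result
    return report


def reachable_from(subnet: str, gateway: str, target_subnet: str) -> str:
    """Does a host on `subnet` get through lola's rules to a host on `target_subnet`?"""
    rules = segment_rules(subnet, gateway)
    pkt = Packet("tcp", str(ip_network(subnet)[10]),
                 str(ip_network(target_subnet)[20]), 445)
    return evaluate(rules, pkt)


if __name__ == "__main__":
    for name, res in isolation_report().items():
        print(name, res)
    # Caveat: "NOT 192.168.0.0/16" only isolates segments that fall inside that
    # summary range. A hypothetical OPT4 on 10.0.4.0/24 (assumed, not in the
    # post) would be reachable from the LAN with the very same rule set.
    print("LAN -> hypothetical 10.0.4.0/24:",
          reachable_from(*SEGMENTS["LAN"], "10.0.4.0/24"))
```

Two things the replay makes visible that the rule list alone does not: the second rule also blocks everything to the gateway's own address except DNS (so port 80 to 192.168.100.254 is dropped by rule 3), and the isolation depends entirely on every internal segment living inside 192.168.0.0/16; a segment numbered from another private range would be wide open unless the negated destination is widened or a per-segment block rule is added above it.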