I have a /28 IP block. WAN and DMZ are bridged (filtered bridge). LAN and DMZ are on the same switch (all my servers have both a 192.x.x.x IP and a real IP).

LAN has two rules:

FROM 192.x.x.x * TO * * ALLOW NOLOG
FROM * * TO * * BLOCK NOLOG

DMZ has similar rules:

FROM 209.x.x.x * TO * * ALLOW NOLOG
FROM * * TO * * BLOCK NOLOG

I added the two blocks without logging because the switch sometimes still sends packets out all its ports... so the LAN port sees a DMZ packet on occasion.

Here's the problem... m0n0wall is still logging the 209.x.x.x packets that show up on the LAN port instead of not logging them like it should. Same for DMZ... it logs seeing 192.x.x.x packets.

The packets ARE NOT trying to be routed... for example... LAN sees packets from 209.x.x.1 to 209.x.x.2... It shouldn't try to do anything with them... but it still logs them.

Any ideas?

I'm sure an option at some point is to actually use two switches and two NICs in each computer... but in the meantime...

------------------------------------------------------------
Jason J Ellingson
Technical Consultant
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
jason at ellingson dot com
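The ruleset in the post is a first-match list: a packet is compared against each rule in order, and the first rule whose source and destination patterns both match decides the action and whether the packet is logged. The small evaluator below (an added example, not code from the post or from m0n0wall) models that semantic so the expected outcome for the packets described can be checked. It assumes 192.168.1.0/24 in place of the poster's "192.x.x.x" network and the documentation range 203.0.113.0/28 in place of the real /28 block, and it assumes that a packet matching none of the user rules falls to an implicit default block that does log, which is how it models a log line appearing even though both user rules are NOLOG.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Constructed stand-ins for the networks in the post (not the real addresses).
LAN_NET = "192.168.1.0/24"     # the "192.x.x.x" private side
PUBLIC_NET = "203.0.113.0/28"  # the "209.x.x.x" /28 block

# Assumed behaviour of the firewall when no user rule matches:
# block and log. Labelled as an assumption; it is not taken from the post.
DEFAULT_DENY: Tuple[str, bool] = ("BLOCK", True)


@dataclass
class Rule:
    src: str      # CIDR prefix or "*" for any
    dst: str      # CIDR prefix or "*" for any
    action: str   # "ALLOW" or "BLOCK"
    log: bool     # False models the NOLOG flag


def _matches(pattern: str, addr: str) -> bool:
    """Return True if addr falls inside pattern ("*" matches anything)."""
    if pattern == "*":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


def evaluate(rules: List[Rule], src: str, dst: str) -> Tuple[str, bool]:
    """First-match evaluation: the first rule matching both ends decides.

    Returns (action, logged). Falls through to DEFAULT_DENY when nothing matches.
    """
    for rule in rules:
        if _matches(rule.src, src) and _matches(rule.dst, dst):
            return rule.action, rule.log
    return DEFAULT_DENY


# The two LAN rules from the post: allow the private net, then block-nolog all.
LAN_RULES = [
    Rule(LAN_NET, "*", "ALLOW", False),
    Rule("*", "*", "BLOCK", False),
]

# The two DMZ rules from the post: allow the public /28, then block-nolog all.
DMZ_RULES = [
    Rule(PUBLIC_NET, "*", "ALLOW", False),
    Rule("*", "*", "BLOCK", False),
]


def stray_public_packet_on_lan() -> Tuple[str, bool]:
    """A DMZ-to-DMZ packet leaking onto the LAN port via the shared switch."""
    return evaluate(LAN_RULES, "203.0.113.1", "203.0.113.2")


def stray_private_packet_on_dmz() -> Tuple[str, bool]:
    """A LAN-to-LAN packet leaking onto the DMZ port via the shared switch."""
    return evaluate(DMZ_RULES, "192.168.1.10", "192.168.1.20")


def stray_packet_without_catchall() -> Tuple[str, bool]:
    """Same stray packet, but with the explicit BLOCK NOLOG rule removed.

    With only the ALLOW rule present, the packet matches nothing and reaches
    the (assumed) logging default deny, which is the outcome the catch-all
    NOLOG rule is meant to prevent.
    """
    return evaluate(LAN_RULES[:1], "203.0.113.1", "203.0.113.2")


if __name__ == "__main__":
    print("stray 203.0.113.x on LAN :", stray_public_packet_on_lan())
    print("stray 192.168.1.x on DMZ :", stray_private_packet_on_dmz())
    print("same, no catch-all rule  :", stray_packet_without_catchall())
```

Under first-match semantics the stray packets hit the explicit BLOCK NOLOG rule and are not logged, so a log entry for them means they were decided by something other than these two rules. Removing the catch-all shows the one case the model does log: a packet that reaches the default deny.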