 From:  Edward Saipetch <beamz at twentybelow dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VPN Problem help !!
 Date:  Sat, 25 Sep 2004 00:03:05 -0500
Slightly off-topic, but I've got a DSL modem hooked to the WAN interface
but the only way to manage the device is by its private IP
address. I've left "Block private networks" unchecked for a while, even
though I know it's good to have turned on, purely so I could do some DSL
troubleshooting and connection monitoring. Is there a way to explicitly
let that traffic through, similar to setting up pf.conf and setting the
rules higher, or is the block private networks directive so high up in the
ipf/pf.conf that there's no way to set a rule to override it?

- Ed

Chris Buechler wrote:

>On Thu, 23 Sep 2004 07:58:09 -0600, Luu Duong <xxxxxx at medialogic dot ca> wrote:
>>Did you try unchecking the option for "Block private networks" for the
>>WAN interface? This would be a security risk normally.
>Don't do this, it's not necessary.  The VPN traffic coming in on the
>WAN will be coming from the public IP of the remote VPN gateway.  It
>doesn't have a source of a private IP until it's decrypted by the
>m0n0wall and passed onto the LAN, which is after it's passed through
>the WAN firewall rules.