 From:  Ziekke <ziekke at ziekke dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Filter Rules between LAN/OPT1
 Date:  Fri, 1 Oct 2004 19:22:15 -0400

Hello all!

I just recently set up my OPT1 interface. Here is how I have it:
LAN - 192.168.7.0/24
OPT1 - 192.168.8.0/24

These networks can talk to each other no matter what rules I have in my filter
list. I have even tried an explicit deny all for both LAN interfaces, which
certainly stopped traffic out to the internet, but won't prevent traffic between
the local networks.

I have set up a captive portal on OPT1 with RADIUS authentication, as it is
bridged with my wireless router. I'm planning on making it a free-for-all, but
only once I get some accounting and management measures in place. I obviously
don't want random people from the street to access services that I run on LAN.

I have a static route set up; I don't know if it is necessary or not. When I
added it, it hung the network interfaces requiring a reboot, so I haven't
really gotten a chance to remove it. With it there, traffic does pass between
networks just fine though.

The route I am using is as follows:
if:OPT1 net:192.168.7.0/24 gw:192.168.8.1

The version of m0n0wall I'm using is generic-pc 1.2b1 set up on a hard drive
with three PCI 10/100 ethernet NICs inside.

I had considered disabling the anti-lockout, but I wanted to consult you guys
before I tried.

I appreciate any assistance you can provide me with on filtering between
LAN/OPT1!

--
// Ziekke