I just recently set up my OPT1 interface. Here is how I have it:
LAN - 192.168.7.0/24
OPT1 - 192.168.8.0/24
These networks can talk to each other no matter what rules I have in my filter
list. I have even tried an explicit deny all for both LAN interfaces, which
certainly stopped traffic out to the internet, but won't prevent traffic between
the local networks.
I have set up a captive portal on OPT1 with RADIUS authentication, as it is
bridged with my wireless router. I'm planning on making it a free-for-all, but
only once I get some accounting and management measures in place. I obviously
don't want random people from the street to access services that I run on LAN.
I have a static route set up; I don't know if it is necessary or not. When I
added it, it hung the network interfaces, requiring a reboot, so I haven't
really gotten a chance to remove it. With it there, traffic does pass between
networks just fine though.
The route I am using is as follows:
if:OPT1 net:192.168.7.0/24 gw:192.168.8.1
The version of m0n0wall I'm using is generic-pc 1.2b1 set up on a hard drive
with three PCI 10/100 ethernet NICs inside.
I had considered disabling the anti-lockout, but I wanted to consult you guys
before I tried.
I appreciate any assistance you can provide me with on filtering between