Topic: Is this a bug in static route?  (Read 1821 times)
« on: October 12, 2007, 00:31:42 »
johnee *
Posts: 4

Hi,
I have WAN, LAN, OPT1 LAN and OPT2 LAN interfaces on my m0n0wall 1.231. I used a static route to route LAN traffic via a gateway on the OPT1 interface as follows.
1. Enabled advanced outbound NAT
2. Set outbound NAT for OPT2 via WAN
3. Set outbound NAT for LAN via OPT1
4. Static route on LAN for 0.0.0.0/1 via gateway on OPT1 LAN, 128.0.0.0/1 via gateway on OPT1 LAN (because 0.0.0.0/0 is not possible!)

It worked! LAN traffic is being routed via gateway on OPT1 LAN successfully, however OPT2 LAN users can no longer access data via WAN! I want LAN users to be controlled by captive portal on LAN interface but link out via gateway on OPT1 LAN...:-)

Is this a bug in static route or am I missing something?
« Reply #1 on: October 12, 2007, 10:41:35 »
markb ****
Posts: 331

I am confused. What are you trying to achieve? What do you mean by "gateway" on the OPT1 interface? Another router to another network? Can you post a diagram?
« Reply #2 on: October 12, 2007, 21:43:21 »
johnee *
Posts: 4

Yes, another router/filter device, i.e. a spam, virus, URL etc. filter, with the added benefit of using captive portal to control access via this LAN, while users on OPT2 will have unrestricted access to the Internet via m0n0wall.
Here is the diagram, I hope it is clear, my first try at 'ASCII diagramming' ;-)




               ____________
              |            |
 INTERNET---->|M0N0WALL    |-------------->LAN
              |            |
               ------------
                 |      |
                 |      |
                 |      --------->OPT2 LAN
                 |
                 |
                 ---------->OPT1 LAN with a gateway/router on x.x.x.x


« Reply #3 on: October 15, 2007, 11:07:43 »
markb ****
Posts: 331

OK. In this case, there should be no need to mess with the NAT. By default NAT only works on traffic exiting the WAN interface. Uncheck the advanced NAT, remove the associated rules and let the m0n0wall NAT the traffic exiting its WAN connection. You then add a static route for your additional network and check the box in System > Advanced for "Bypass firewall rules for traffic on the same interface". You add rules for the networks. It might be best to add Any to Any rules on all interfaces to begin with, to make sure that the routing is working correctly, then lock down the traffic that you want.
« Reply #4 on: October 22, 2007, 13:31:35 »
johnee *
Posts: 4

Thanks markb for your reply and sorry for my late response....
I actually tried these options before, but found out that it is only when I remove the 128.0.0.0/1 route that the problem disappears. But I decided to try again all the same and still have the same issue.
I discovered that an attempt to create either type of route, 0.0.0.0/1 or 128.0.0.0/1, for the OPT2 LAN interface is rejected with the message: "A route to this destination network already exists". This implies that static route does not apply the previous routes to the LAN interface only, but applies them to all interfaces, thereby attempting the routing of the other LAN interfaces as well as the LAN.
I think this is why this problem exists.
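
Added example, not part of the thread and not m0n0wall's code: a small model of one destination-keyed routing table with longest-prefix match, showing why the two /1 routes from step 4 capture OPT2 traffic as well as LAN traffic. It assumes the box keeps a single table for all interfaces, as the quoted error message suggests; the class and function names, the gateway labels and the sample destination addresses are constructed.

```python
import ipaddress

class RouteTable:
    """One table for the whole box, keyed by destination prefix only."""

    def __init__(self):
        self.routes = {}  # ip_network -> (gateway label, egress interface)

    def add(self, prefix, gateway, interface):
        net = ipaddress.ip_network(prefix)
        if net in self.routes:
            # Message text as quoted in the thread.
            raise ValueError("A route to this destination network already exists")
        self.routes[net] = (gateway, interface)

    def remove(self, prefix):
        del self.routes[ipaddress.ip_network(prefix)]

    def lookup(self, dst, ingress):
        # 'ingress' is accepted but never consulted: the source interface
        # plays no part in a destination-based lookup.
        addr = ipaddress.ip_address(dst)
        best = max((n for n in self.routes if addr in n), key=lambda n: n.prefixlen)
        return self.routes[best]


def build_table():
    t = RouteTable()
    t.add("0.0.0.0/0", "WAN-gw", "WAN")      # default route (placeholder label)
    t.add("0.0.0.0/1", "OPT1-gw", "OPT1")    # the two halves from step 4
    t.add("128.0.0.0/1", "OPT1-gw", "OPT1")
    return t


def egress(table, ingress, dst):
    """Interface a packet from 'ingress' to 'dst' leaves through."""
    return table.lookup(dst, ingress)[1]


if __name__ == "__main__":
    t = build_table()
    for ingress in ("LAN", "OPT2"):
        for dst in ("100.64.0.1", "192.0.2.1"):  # constructed sample destinations
            print(ingress, "->", dst, "leaves via", egress(t, ingress, dst))
```

In this model every /1 match is more specific than the /0 default, so no destination is left for the WAN route regardless of which interface the packet arrived on. Steering only LAN-sourced traffic to the OPT1 gateway needs a decision keyed on source or ingress interface, which a destination-only table cannot express.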