Installation

I ve just set up my m0n0wall, i had configuring WAN, LAN, and it's working great. After i had to want add a new pc on the LAN. So i had bridge vr2 to the LAN interface (vr0), and add a new rule on the Firewall/Rules on the configuration page. All is open, this is identical to LAN.
M0n0wall can ping this new computer, but this one can't ping anyone. In the logs page, i can see that firewall is blocking this ip as : 18:42:06.718707      vr2      192.168.1.4, port 54948      192.168.1.1, port 53      UDP

I don't know what can i do more to set up a simple client :/ Anyone can help me ?

Thanks

Why aren't you using a switch connected to your LAN interface and plugging all your PCs into the switch?

Because i have 8 ethernet ports on my soekris.

Ok, i had just to change a things in my firewall rule ... the proto ... (erf) before i had TCP/UDP ... and just 'any' works ... :

*      *      *      *      *


It's very strange because my LAN interface have this to firewall rule :

TCP/UDP      *      *      *      *        


Suggests ?

Hello again ...

Sorry, but now i want to add a 3rd client machine on the vr3 interface. I ve tried to bridged vr3 with LAN, but a message say :
* Optional interface 1 (vr2) is already bridged to the specified interface.

In effect that true but how can i add simply client machine on the interfaces ?

Ok i ve just understand that I had to add new subnet for each interfaces, and it's works, all the machine connected to 192.168.3.0 and 192.168.4.0 have net access.

But now I want all the machines on 192.168.3.x subnet (for example), can access to 192.168.x.x subnet. How can I do ?

For IP networking, every network interface in a machine has to define and belong to a unique network. You can not have two or more interfaces defining or belonging to the same network. That's just the reality of it - to have it any other way would be ambiguous and just not be capable of working.

Now that you have every interface defining a different network, you are going to have to have rules to allow traffic between interfaces. After all, this is a firewall. Not hard to do for the first extra interface, but as you add more, each and every interface is going to need rules to allow traffic between each and every other interface.

A cheap hub or switch would greatly simplify things if you don't require the isolation separate interfaces provides, but that idea was already suggested.

Yes in effect, when you suggest to me to add a switch to simplify my network, i had not understood yet what each interface MUST be configured for differents subnets.
So now i understand better your proposition, and add a switch
But a little question persist, how a 192.168.1.x can see/ping a 192.168.2.x  ?  I must change the netmask perhaps ?

Thanks for all

The default behavior on interfaces is to deny traffic. You have to have one or more rules in place to allow traffic. Therefore, for an interface to be usable, it must have at least one firewall rule. Try looking at the rule(s) in place for a LAN interface that works, then use that as an example to create rules for the other LAN interfaces. You may or may not be able to use a broad netmask with a single rule rather than multiple narrower rules.

As I am sure you have noticed by now, turning a firewall into a switch isn't an especially easy thing or a good idea.

Yes I did. Big thanks for all.