News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  Firewall/NAT
linktree Topic: Firewall blocks traffic from local network/another local network
Pages: [1]
Topic: Firewall blocks traffic from local network/another local network  (Read 1490 times)
« on: December 09, 2008, 18:53:36 »
malte *
Posts: 2
Hi all,

first I will excuse for mistakes, english isn't my native tongue ,)

Topic:
I want to set up a costumer network in our company. Till now this network consists of a m0n0wall Router, that shares the internet connection and a Linksys WRT54GL WLan router using dd-wrt that is configured with a open WLan (hotspot)
The linksys router is connectet to the m0n0wall network through it's (Linksys router) WAN port, so that the linksys router have it's own network behind the m0n0wall's one.

Note: I use the local user manager of the captive portal for the internet connection.

The problem I have is that conection to the m0n0wall network form the Linksys network is not possible until I'll set up in the m0n0wall a static route for the linksys network.

When I look in the firewall logs, I see many blocked traffic from the linksys network.
Adding a firewall rule, that let pass all traffic that comes from the lan interface network does also not help.


The linksys router is set to router mode, and has configured a static route to the m0n0wall network. I don't know what it exactly does but the dd-wrt interface advise to set it to router mode, when the router is behind a router.
When I set it to gateway mode(it means like a normal singel router), the captive portal would only remark, that the linksys external IP/mac address has acces to the Internet, that means only one client in the linksys network needs to login and all other clients that are connecte to this network have fully access to the internet.

The problem I have, when I setup a static route in the m0n0wall, is that, traffic from the m0n0wall network to the linksys network is blocked by the m0n0wall.
Example: When I want to access the webinterface of the switch in the m0n0wall network, out of the Linksys network, the m0n0wall firewall blocks the traffic that comes from the switch and has as destination the Client address from that I wanted to access the switch.

The problem I also have is, that I wasn't able to find a good documentation for dd-wrt so I can't inform me about these modes, that dd-wrt supports.

My goal is it, to have a open WLan network, that grants acces through m0n0walls captive portal functionallity using the local user manager. For me it is enough security  for now if the granted access is bound to the IP and or mac address.

I'm not an exper in this matter, so can someone tell what I'm doing wrong?


For any suggestions if only grammatical ,) I'm very thankfull Smiley
Thanks & Best regards

malte


Edit: I'm testing m0n0wall 1.235 and 1.3b15. Booth have the same symptoms
« Last Edit: December 12, 2008, 14:48:46 by malte »
« Reply #1 on: December 16, 2008, 22:32:47 »
COMON$ *
Posts: 5
Dont know if this will help your issue but I fixed my local to local issue by bypassing firewall rules for traffic on the same interface.  It is under the System->advanced section

Static route filtering       Bypass firewall rules for traffic on the same interface
This option only applies if you have defined one or more static routes. If it is enabled, traffic that enters and leaves through the same interface will not be checked by the firewall. This may be desirable in some situations where multiple subnets are connected to the same interface.
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines