Bug Reports

Hi,

Last weekend I tried to migrate the last of our non-m0n0wall firewalls to m0n0wall. This firewall configuration needed secondary IP addresses. When trying to configure those, it looked like everything was working. Traffic flowed according to the firewall rules from the WAN interface to the OPT1 intrerface which has 4 public IP addresses configured.

The one thing that did not work as expected was access from the secondary IP subnets on the OPT1 interface to WAN interface. Only the 'first' subnet (primary IP subnet) could access the outside world through the m0n0wall. I configured some allow-all rule on the WAN and OPT1 interface, but that did not give me the result I was looking for. Outbound traffic was blocked from the secondary subnets on the OPT1 interface.

The IP/interface/NAT configuration:

Interfaces / IP:
WAN - public IP address
LAN - private IP address
OPT1 - 4x public IP subnet

NAT:
Advanced NAT enabled. Defined a NAT rule for the LAN private subnet.


I would really like to migate this firewall to m0n0wall, but also need the secondary subnets to access the outside world. Is the secondary IP feature not entirely ready yet, or should this configuration work? If I need to do some testing or if you need more information, please let me know.

Greetz, Floris Jan

b16 has 'initial' support for secondary ip's.  right now, it only opens the firewalls for traffic from secondaries to the firewall

see http://svn.m0n0.ch/wall/branches/freebsd6/phpconf/inc/filter.inc

and see comment

/* pass traffic from/to secondary ip subnets and the firewall ip in that subnet only*/

and

/* this would be a good place to insert code here to pass traffic from subnets to secondaries etc.*/