Firewall/NAT

Hello!
I've just set up a M0n0wall for a friend. I'm a pretty new user and with not so much experience of advanced firewalls.
On the LAN my friend has desktop computers and a fileserver. On the OPT1 interface he have an accesspoint. Now my question is; How do I make it possible to allow traffic between OPT1 and LAN so he can reach his files från a wireless client?

Thanks in advance

You do this by setting rules up.  When you first install Monowall it has a default rule to allow traffic from the LAN to everywhere and this is the only rule.  You will have to add rules from the Opt1 subnet to where ever you want.  Personally I have a similar setup and I restrict traffic between the Wireless subnet and the LAN and allow all traffic out to the inernet.  For specific services I set up rules for the specific ports used and if I need blanket access I have set up the PPTP VPN and connect to the Monowall VPN to access the LAN.  This increases the security for your network, as wireless traffic can be hacked.

Hope this helps.

Thanx for the answere. I've allready done what you describe but i can't get it to work. :-/
My rules are looking like on the screenshots.
http://www.nirnet.se/files/blaxtar/monowall-LAN1.jpg
http://www.nirnet.se/files/blaxtar/monowall-LAN2.jpg
http://www.nirnet.se/files/blaxtar/monowall-WAN.jpg

The rules look fine.  What is the problem?

The problem is still what i described above, i can't reach LAN from OPT1 and vice-versa :-/
Can LAN & OPT1 reach each other by the deafult configuration? Isn't is so that I have to change some setting or create some rules to make it possible for LAN & OPT1 to reach each other?
Excuse my bad english ;-)

Edit: Maybe it can have something to do with the "Block private network" under WAN-configuration? What does that rule mean?

If it isn't working both ways, it suggests a problem with the IP subnet on the Opt1 network.  You mention an access point on the opt network.  It this just an access point, or is it a wireless router?

The block private networks rule is to block any private network addresses from coming in on your WAN connection.  This is because normally the WAN port will have your internet IP address.

On the OPT1 there is a router, a D-link DIR-615 but this router is acting just like an accesspoint. There is a setting called somethink like "Use DIR-615 in access point mode". It turns of DHCP, Firewall, NAT and so on.
Maybe i should try to connect the computer direct to the OPT1 ethernetport on the M0n0wall?

Thanks for the answer about the block private networks rule.

But just to make it clear. Does M0n0wall block traffic between 2 different LAN-interfaces with the default configuration?

But just to make it clear. Does M0n0wall block traffic between 2 different LAN-interfaces with the default configuration?

Yes.

But just to make it clear. Does M0n0wall block traffic between 2 different LAN-interfaces with the default configuration?

Yes.

But the rules you have in place allow the traffic and by default it allows traffic from the LAN to any.  The fact you aren't getting traffic both ways would point to an IP problem.  Can you hard wire a PC to the opt network either with a switch or crossover cable.  Check you are getting a DHCP address in the correct subnet and have connectivity.

I'll try hard wire tomorrow with a crossover-cable. :-)

But, the rules on LAN & OPT1 only allows traffic from LAN (and OPT1) to any. It does not allow traffic to enter LAN or OPT1. Or is traffic always, by default, in some way allowed to enter LAN (and OPT1)?

Problem solved, probably it depended on a software firewall and a broken PCI-networkcard. Now everything works just fine with the same rules as before.
Thanks for all your commitment!