Topic: Why does my firewall block iTunes?  (Read 4031 times)
« on: December 07, 2009, 23:19:45 »
Niedi *
Posts: 4

I'm struggling with the following problem atm: I have WLAN (opt1) bridged with the LAN and put the following rules in place:

Lan: Proto *; Source *; Port *; Destination *; Port *;
Opt1: Proto *; Source *; Port *; Destination *; Port *;

The rules are the first on the list and I even allowed fragmented packets in both of them, just to be sure.
Yet, the firewall blocks my attempts to connect to my iTunes libraries (0.14 is the main PC on the LAN, 0.196 is the lappy):

Act     Time     If     Source     Destination     Proto
X    23:16:25.929537    LAN    192.168.0.14, port 3689    192.168.0.196, port 53179    TCP
X    23:16:23.529146    OPT1    192.168.0.196, port 3689    192.168.0.14, port 52549    TCP

I have absolutely no idea what's wrong with it.... can anyone help? I'd be very thankful...
(m0n0wall is 1.3 final on a wrap board, but the problem was also there on 1.3b16 and probably also before)
« Reply #1 on: December 08, 2009, 01:12:28 »
knightmb ****
Posts: 341

If you mean it blocks the iTunes service, those are the wrong IPs for it. Those are local non-routable IPs you have listed in the block table. Are you referring to iTunes connecting from one machine to another on your local network?

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #2 on: December 08, 2009, 01:52:09 »
Niedi *
Posts: 4

> Are you referring to iTunes connecting from one machine to another on your local network?

Yes I am. The 0.196 is a laptop connected via the OPT1/w-lan interface, the 0.14 is a computer connected to the lan interface. lan and OPT1 are bridged. So the connection attempt is purely local. I can also ping the machines without any problems.
« Reply #3 on: December 08, 2009, 21:16:51 »
knightmb ****
Posts: 341

> Are you referring to iTunes connecting from one machine to another on your local network?
>
> Yes I am. The 0.196 is a laptop connected via the OPT1/w-lan interface, the 0.14 is a computer connected to the lan interface. lan and OPT1 are bridged. So the connection attempt is purely local. I can also ping the machines without any problems.

It's hard to say, I've got a similar setup and don't have any problems connecting PCs though it's not with iTunes, but games and other software work without any hiccups.

I'm not sure, but I don't think firewall rules should interfere with your setup, but just for reference, both are allowed access to each other?
« Reply #4 on: December 09, 2009, 01:46:11 »
Niedi *
Posts: 4

I think so. The "allow" rules are stated in my first post

Lan: Proto *; Source *; Port *; Destination *; Port *;
Opt1: Proto *; Source *; Port *; Destination *; Port *;

I think that should allow any traffic from any computer going anywhere. Or am I wrong here?
« Reply #5 on: December 09, 2009, 18:18:14 »
knightmb ****
Posts: 341

> I think so. The "allow" rules are stated in my first post
>
> Lan: Proto *; Source *; Port *; Destination *; Port *;
> Opt1: Proto *; Source *; Port *; Destination *; Port *;
>
> I think that should allow any traffic from any computer going anywhere. Or am I wrong here?

You're right, should be unrestricted access both ways. Identical to what I have for firewall rules. So I am kind of stumped as to what the issue may be.
« Reply #6 on: January 17, 2010, 00:08:31 »
brushedmoss ****
Posts: 446

m0n0wall has a certain base level of firewall rules that are enforced before any user level rules are processed. So while a rule of * looks like it should allow all traffic, it's dependent on it passing the built-in rules.

m0n0wall's bridge is now always filtered/firewalled since 1.3.

To see your exact set of rules, go to /status.php and see the section ipfstat -nio

or go to /exec.php and execute

ipfstat -nioh

to see the counters for each rule, see which one is incrementing?
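
One way to follow the suggestion in the last reply, as an added example that is not part of the original thread or of m0n0wall: save the `ipfstat -nioh` output twice, retry the connection in between, and list the rules whose hit counters rose. The sample output, its rules and interface names, and the assumed `<hits> @<number> <rule>` line layout are constructed for illustration.

```python
import re

# Constructed samples of `ipfstat -nioh` output saved a few seconds apart.
# Assumed line layout: "<hits> @<rule number> <rule text>". The rules and
# interface names are illustrative, not m0n0wall's real built-in rule set.
BEFORE = """\
0 @1 pass out quick on lo0 from any to any
12 @2 pass out quick on sis0 from any to any keep state
0 @1 block in log quick from any to any with short
4 @2 block in log quick on ath0 proto tcp from any to any
310 @3 pass in quick on sis0 from any to any keep state
"""
AFTER = """\
0 @1 pass out quick on lo0 from any to any
15 @2 pass out quick on sis0 from any to any keep state
0 @1 block in log quick from any to any with short
9 @2 block in log quick on ath0 proto tcp from any to any
310 @3 pass in quick on sis0 from any to any keep state
"""

LINE = re.compile(r"^\s*(\d+)\s+@(\S+)\s+(.+)$")


def parse(text):
    """Map (direction, rule number, rule text) -> hit count."""
    counters = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # blank lines or anything that is not a counted rule
        hits, num, rule = int(m.group(1)), m.group(2), m.group(3).strip()
        # Rule numbers restart for the in and out lists, so keep the direction.
        d = re.search(r"\b(in|out)\b", rule)
        counters[(d.group(1) if d else "?", num, rule)] = hits
    return counters


def incremented(before, after):
    """Rules whose counter rose, largest increase first."""
    old = parse(before)
    rows = [(hits - old.get(key, 0), *key) for key, hits in parse(after).items()]
    return sorted((r for r in rows if r[0] > 0), reverse=True)


def blocking_rules(before, after):
    """Only the block rules that matched traffic between the two snapshots."""
    return [r for r in incremented(before, after) if r[3].startswith("block")]


if __name__ == "__main__":
    for delta, direction, num, rule in blocking_rules(BEFORE, AFTER):
        print(f"+{delta} hits  {direction} @{num}  {rule}")
```

A block rule that keeps climbing while the user-level pass rules stay flat is the one to read closely, since it is being matched before the `*` rules get a chance.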