Topic: Firewall rules between local networks
« on: March 01, 2013, 16:44:14 »
Phatsta *
Posts: 12

Hi everyone,

We have a m0n0 that's the center of everyone's attention. It routes almost all network traffic between two LANs, one IPSec tunnel and WAN. It's working perfectly, but I need to limit the access between the two LANs, and that isn't really going the way I want it to.

After much trial and error, I've discovered that I cut off internet access to any given LAN unless I add a rule like "Allow TCP from LAN to any". This is the only setup that allows the internet to be routed to the LANs, but on the other hand it also, of course, allows traffic between LAN1 and LAN2, which is the very thing I'm trying to limit.

As I said, ONLY, and I mean only, when I add this specific rule:
Allow TCP from LAN to any
...will it actually let me access internet from the LAN. Which is kinda weird, isn't it?

Anyone heard of this or am I just being thick in the head?!
« Reply #1 on: March 01, 2013, 18:36:16 »
Lennart Grahl ***
Posts: 153

Yeah, that's true. But there is a solution for your problem.

From the m0n0wall documentation:
"First remember rules are processed top down, and the first match is the only rule that applies."

So just add a few blocking rules above your "Allow TCP from LAN to any" rule.
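To make the ordering point concrete, here is an added example that is not from the thread or from m0n0wall itself: a small model of top-down, first-match rule evaluation with a default deny, using constructed subnets (192.168.1.0/24 as LAN1, 192.168.2.0/24 as LAN2, a TEST-NET-3 address standing in for the internet). It shows the original single allow rule, the fix with block rules placed above it, and the same block rules placed below the allow, where they are never reached.

```python
from ipaddress import ip_address, ip_network

# Constructed example networks; the thread gives no real addresses.
LAN1 = ip_network("192.168.1.0/24")
LAN2 = ip_network("192.168.2.0/24")
ANY = ip_network("0.0.0.0/0")

def matches(rule, proto, src, dst):
    """A rule matches when protocol, source net and destination net all fit."""
    action, r_proto, r_src, r_dst = rule
    return (r_proto in ("any", proto)
            and ip_address(src) in r_src
            and ip_address(dst) in r_dst)

def evaluate(rules, proto, src, dst):
    """Top down, first match wins; no match means the implicit default block."""
    for rule in rules:
        if matches(rule, proto, src, dst):
            return rule[0]
    return "block"

# Rule set from the question, as seen on the LAN1 interface: internet works,
# but LAN1 -> LAN2 is allowed as well.
ORIGINAL = [
    ("pass", "tcp", LAN1, ANY),
]

# Fix from the reply: a block rule ABOVE the broad allow rule.
FIXED = [
    ("block", "any", LAN1, LAN2),
    ("pass", "tcp", LAN1, ANY),
]

# Same two rules in the wrong order: the allow matches first, the block is dead.
WRONG_ORDER = [
    ("pass", "tcp", LAN1, ANY),
    ("block", "any", LAN1, LAN2),
]

def check(rules):
    """Return (verdict for internet, verdict for LAN2) for TCP from a LAN1 host."""
    internet = evaluate(rules, "tcp", "192.168.1.20", "203.0.113.10")  # constructed
    lan2 = evaluate(rules, "tcp", "192.168.1.20", "192.168.2.5")       # constructed
    return internet, lan2

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED), ("wrong order", WRONG_ORDER)):
        print(f"{name:12s} internet={check(rules)[0]:5s} lan2={check(rules)[1]}")
```

Running it prints pass/pass for the original, pass/block for the fix, and pass/pass again for the reversed order, which is the quickest way to confirm a block rule actually sits above the allow rule it is meant to override.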