Wireless Internet access does not work



  • Wifi computers may only connect to the internet and not access LAN (or any other future DMZ).

    normal lan: 192.168.1.x
    wifi 192.168.3.x

    I created the following rules:
    Firewall: NAT: Outbound
    WAN    192.168.3.0/24  *  *  *  *  *  NO

    Firewall: Rules: Wireless tab
    *  WIRELESS net  *  WAN net  *  *  none

    If I change the rule like this, then it works (as shown in the m0n0wall handbook):
    *  WIRELESS net  *  ! LAN net  *  *  none

    But I don't like this system. A firewall should block everything unless I make a rule. This rule only blocks the access to 1 subnet. If I later add another DMZ, I have to create a rule, otherwise the wifi systems can connect to this DMZ.
    So, the question is: can I allow access with only "allow" rules?



  • Firewall does block everything by default, but if you have a rule pass any then it's going to pass any.
    You can create a rule pass !lan net

    Try that if that is any better



  • @Metu69salemi:

    Firewall does block everything by default, but if you have a rule pass any then it's going to pass any.
    You can create a rule pass !lan net

    Try that if that is any better

    The point is that I want a rule that wifi may connect to the internet (and only the internet). So I want to create it like this:
    *  WIRELESS net  *  WAN net  *  *  none

    I don't like the idea of a rule saying: "the wifi can connect to everything, except the lan network". This will immediately cause a security breach when I add a new network subnet later.



  • You can also use an alias like "local nets"
    Then, when you add new interfaces etc., you add that network to local nets, so by using a pass !"local nets" rule you can do what you desire.

    But how this notation works is out of my hands.
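
Added example, not part of any post in this thread: a small Python model of first-match pass rules with a default deny. It shows that a destination of "WAN net" matches only the WAN interface's own subnet (so internet traffic is blocked), that "! LAN net" lets wifi reach a later DMZ, and that the "local nets" alias closes that gap. The WAN and DMZ subnets and the client and target addresses are constructed assumptions.

```python
import ipaddress as ip

# LAN and WIRELESS subnets are from the thread; the WAN subnet and the
# DMZ are hypothetical values constructed for this example.
NETS = {
    "LAN net": ip.ip_network("192.168.1.0/24"),
    "WIRELESS net": ip.ip_network("192.168.3.0/24"),
    "WAN net": ip.ip_network("203.0.113.0/24"),   # assumed WAN subnet
    "DMZ net": ip.ip_network("192.168.5.0/24"),   # assumed future DMZ
}
# The alias must be extended by hand whenever a new internal network is added.
ALIASES = {"local nets": ["LAN net", "DMZ net"]}

def in_target(addr, name):
    """True if addr falls in the named network or any member of the alias."""
    members = ALIASES.get(name, [name])
    return any(addr in NETS[m] for m in members)

def matches(addr, spec):
    """spec is '*', 'NAME' or '! NAME' (negated network or alias)."""
    if spec == "*":
        return True
    if spec.startswith("!"):
        return not in_target(addr, spec[1:].strip())
    return in_target(addr, spec)

def evaluate(rules, src, dst):
    """First matching pass rule wins; no match falls through to default deny."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for rule_src, rule_dst in rules:
        if matches(s, rule_src) and matches(d, rule_dst):
            return "pass"
    return "block"

WAN_NET_RULE = [("WIRELESS net", "WAN net")]
NOT_LAN_RULE = [("WIRELESS net", "! LAN net")]
NOT_LOCAL_RULE = [("WIRELESS net", "! local nets")]

def report(rules):
    """Verdicts for one constructed wifi client against three destinations."""
    client = "192.168.3.10"
    targets = {"internet": "198.51.100.7", "lan": "192.168.1.20",
               "dmz": "192.168.5.20"}
    return {k: evaluate(rules, client, v) for k, v in targets.items()}

if __name__ == "__main__":
    for name, rules in [("WAN net", WAN_NET_RULE), ("! LAN net", NOT_LAN_RULE),
                        ("! local nets", NOT_LOCAL_RULE)]:
        print(f"{name:14} {report(rules)}")
```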

