[pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Tommaso Di Donato
Sorry if it has already been asked... I am running 0.73.6, and in lan interface setup I see I can bridge it with my wan interf. This is exactly what I am looking for (I want to build a transparent proxy that scans http and pop3 traffic for viruses), but I cannot understand how the bridge setup work

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Scott Ullrich
On 8/11/05, Tommaso Di Donato <[EMAIL PROTECTED]> wrote:
> Sorry if it has already been asked...
>
> I am running 0.73.6, and in lan interface setup I see I can bridge it with
> my wan interf. This is exactly what I am looking for (I want to build a
> transparent proxy that scans http and pop3 t

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Tommaso Di Donato
Not at all. It's a brand new option that I committed. Cool! I was thinking to modify the source, because I was needing it! You can assign an IP to either of them. Note that if you do not assign an IP to the LAN subnet you need to access the WebConfigurator from the WAN which will require rules t

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Scott Ullrich
On 8/11/05, Tommaso Di Donato <[EMAIL PROTECTED]> wrote:
> Oh, I did not try to save my LAN configuration leaving the IP field blank..
> eh eh
> When I enable this option, does dhcp server change its configuration
> automatically, or do I have to change it by hand?
As always you need to upda

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Tommaso Di Donato
> Can I modify filter.inc, in order to include web access from WAN when
> bridging is enabled? Are you interested in it?
Huh!? Just add a firewall rule permitting traffic to the webGUI port.
I was thinking that a new rule should be inserted automatically when you save, if anti-lockout is enabled..

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Scott Ullrich
On 8/11/05, Tommaso Di Donato <[EMAIL PROTECTED]> wrote:
> I was thinking that a new rule should be inserted automatically when you
> save, if anti-lockout is enabled..
I'm not sure this is a good idea. This would allow anyone from the WAN in. Besides, how is it going to know what to unlock si

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Tommaso Di Donato
I'm not sure this is a good idea. This would allow anyone from the WAN in. Besides, how is it going to know what to unlock since it used the LAN subnet prior?
If I understood well, if I enable lan to wan bridging, and I do not assign an IP to LAN interface, I can only access from the WAN ip. But

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Scott Ullrich
On 8/11/05, Tommaso Di Donato <[EMAIL PROTECTED]> wrote:
> If I understood well, if I enable lan to wan bridging, and I do not assign
> an IP to LAN interface, I can only access from the WAN ip. But if I did not
> create a rule before this change, I lock myself out, is it right?
Yes.
> If so, w

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Tommaso Di Donato
> If so, why not add an option, just to permit webconsole access only to
> connection coming from the lan interface?
Because if there is no IP on the lan what is there to surf into?
Directly to the ip assigned to wan interface... I am coming from Linux, I hope I am not missing something because o

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Scott Ullrich
Correct. Which now brings us round circle to why you have to add a rule for the WAN if there is no LAN ip to access to administrate the box.
On 8/11/05, Tommaso Di Donato <[EMAIL PROTECTED]> wrote:
> > > If so, why not add an option, just to permit webconsole access only to
> > > connecti

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Tommaso Di Donato
Sorry, but with PF is it possible to discriminate between an access from a particular interface? If so, I think it is more secure to give webconsole access only to connection coming from the "secure" interface... Am I wrong?
On 8/11/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
Correct. Which now

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Scott Ullrich
Not if there isn't an IP.
On 8/11/05, Tommaso Di Donato <[EMAIL PROTECTED]> wrote:
> Sorry, but with PF is it possible to discriminate between an access from a
> particular interface? If so, I think it is more secure to give webconsole
> access only to connection coming from the "secure" interface

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Tommaso Di Donato
ok, this is my fault: in linux (kernel 2.6) with ebtables (or arptables) it is possible to select an interface for inbound connection, even in a bridged configuration. Sorry for my ignorance
On 8/11/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
Not if there isn't an IP.
On 8/11/05, Tommaso Di Donat

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Scott Ullrich
It could be possible but this all gets really hairy and sticky. Same reason that it's most likely not doable in m0n0wall in the first place. There is a real chance of shooting yourself in the foot in this configuration so consider yourself warned :)
Scott
On 8/11/05, Tommaso Di Donato <[EMAIL P

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Chris Buechler
On 8/11/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> It could be possible but this all gets really hairy and sticky. Same
> reason that it's most likely not doable in m0n0wall in the first place.
> There is a real chance of shooting yourself in the foot in this
> configuration so consider yoursel

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Tommaso Di Donato
So... you all say that it is better to leave the things as they are.. Ok, I trust you. But in the remote possibility that I become crazy and start to develop something like the thing I imagined, I will share it with you!
On 8/11/05, Chris Buechler <[EMAIL PROTECTED]> wrote:
On 8/11/05, Scott Ullri

Re: [pfSense Support] Bridging Lan and WAN

2005-08-11 Thread Chris Buechler
On 8/11/05, Tommaso Di Donato <[EMAIL PROTECTED]> wrote:
> So... you all say that it is better to leave the things as they are.. Ok, I
> trust you.
> But in the remote possibility that I become crazy and start to develop
> something like the thing I imagined, I will share it with you!
well no