M0n0wall won't pass traffic on different LAN subnets unless “Bypass firewall rules” is checked


I have a working configuration, but a question is bugging me.

The question centers around having multiple subnets on a single interface.

LAN: 10.10.10.1/24
OpenVPN Server LAN IP: 10.10.10.250
OpenVPN Server virtual subnet: 10.11.10.0/24
LAN Static Route: (NET) 10.11.10.0/24 (GW) 10.10.10.250

With the Advanced option "Bypass firewall rules for traffic on the same interface" checked, everything works as expected.

But if I uncheck "Bypass firewall rules..." and start a UDP or TCP session from the 10.11.10.0 net to the 10.10.10.0 net, the forward path works, but the return path is blocked in m0n0wall. Even with LAN Firewall Rules:

"Pass" any LAN-subnet to any/any
"Pass" any OpenVPN-subnet to any/any

The return (destination 10.11.10.XX) is always blocked in m0n0wall (per firewall logging).

I am quite satisfied keeping "Bypass firewall rules..." checked, but I want to understand why m0n0wall is dropping LAN subnet1 to LAN subnet2 traffic in the firewall.

I've seen this same exact question posed multiple times elsewhere but never any sort of response. Hoping you guys can help.

Thanks in advance.










Tags: firewall freebsd pfsense openbsd






asked Jul 7 '11 at 16:35 by Zen Master

          1 Answer
Where "Bypass firewall rules .." fixes things of that nature, it's most always because you have asymmetric routing. If the firewall only sees half of the connection it can't properly track state and ends up dropping traffic, hence the reason for that option (which passes that traffic without trying to keep state).






answered Jul 9 '11 at 3:37 by Chris Buechler
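To make the asymmetric-routing explanation concrete, here is a small Python model of the question's topology. It is an added example, not code from the question, the answer, or m0n0wall itself. The addresses 10.10.10.1, 10.10.10.250 and the two subnets are the question's own; the LAN host 10.10.10.20, the VPN client 10.11.10.6 and the port numbers are constructed for the illustration. The model covers the TCP case only: it treats the LAN-side filter as a stateful rule set that opens state on a SYN, and it shows that the OpenVPN server, being a host on the LAN, delivers the client's SYN straight to the LAN host, so the firewall's first sight of the connection is the SYN-ACK the host sends to its default gateway. The third scenario (a route for 10.11.10.0/24 via 10.10.10.250 on the LAN host itself) is my own addition to show what symmetric routing looks like; the answer does not discuss it.

```python
import ipaddress
from dataclasses import dataclass

# Addresses given in the question. The LAN host and VPN client are constructed.
LAN = ipaddress.ip_network("10.10.10.0/24")
VPN = ipaddress.ip_network("10.11.10.0/24")
FIREWALL = "10.10.10.1"          # LAN interface, default gateway of LAN hosts
OPENVPN_SERVER = "10.10.10.250"  # separate host on the LAN
LAN_HOST = "10.10.10.20"         # constructed
VPN_CLIENT = "10.11.10.6"        # constructed


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # TCP flags: "S" for SYN, "SA" for SYN-ACK

    def key(self):
        return (self.src, self.sport, self.dst, self.dport)

    def reverse_key(self):
        return (self.dst, self.dport, self.src, self.sport)


class StatefulFirewall:
    """Toy model of a stateful filter on the firewall's single LAN interface.

    A pass rule creates state only for a packet that opens a TCP flow (a bare
    SYN). Later packets pass only if they match existing state in either
    direction. A mid-stream packet with no state is blocked even when a pass
    rule covers its source, which is the drop the question reports.
    """

    def __init__(self, bypass_same_interface: bool):
        self.bypass_same_interface = bypass_same_interface
        self.states = set()
        self.log = []

    def filter(self, pkt: Packet, in_iface: str, out_iface: str) -> bool:
        # "Bypass firewall rules for traffic on the same interface": a packet
        # routed back out the interface it arrived on skips rules and state.
        if self.bypass_same_interface and in_iface == out_iface:
            return self._log("pass (bypass same interface)", pkt, True)
        if pkt.key() in self.states or pkt.reverse_key() in self.states:
            return self._log("pass (matches state)", pkt, True)
        if pkt.flags == "S" and self._rule_matches(pkt):
            self.states.add(pkt.key())
            return self._log("pass (new state)", pkt, True)
        return self._log("block (no state, not a flow start)", pkt, False)

    @staticmethod
    def _rule_matches(pkt: Packet) -> bool:
        # The question's LAN rules: pass LAN subnet -> any, pass OpenVPN subnet -> any.
        src = ipaddress.ip_address(pkt.src)
        return src in LAN or src in VPN

    def _log(self, verdict: str, pkt: Packet, passed: bool) -> bool:
        self.log.append(f"{verdict}: {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}]")
        return passed


def next_hop(dst: str, host_route_to_vpn: bool) -> str:
    """Where a device on the LAN segment sends a packet: same-subnet destinations
    go directly over the segment, everything else to the default gateway (the
    firewall), unless the device itself has a route for the VPN subnet."""
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in LAN:
        return "direct"
    if host_route_to_vpn and dst_ip in VPN:
        return OPENVPN_SERVER
    return FIREWALL


def send(fw: StatefulFirewall, pkt: Packet, host_route_to_vpn: bool = False) -> bool:
    """Deliver one packet from a LAN-segment device; True if it reaches its
    destination. The firewall filters only packets actually sent to it."""
    if next_hop(pkt.dst, host_route_to_vpn) != FIREWALL:
        return True  # the firewall never sees this packet
    # The firewall's static route sends 10.11.10.0/24 back out the LAN interface.
    out_iface = "lan" if ipaddress.ip_address(pkt.dst) in VPN else "wan"
    return fw.filter(pkt, "lan", out_iface)


def tcp_handshake(bypass_same_interface: bool, host_route_to_vpn: bool = False):
    """SYN from the VPN client, SYN-ACK back from the LAN host.
    Returns (forward_delivered, reply_delivered, firewall_log)."""
    fw = StatefulFirewall(bypass_same_interface)
    syn = Packet(VPN_CLIENT, LAN_HOST, 40000, 22, "S")
    syn_ack = Packet(LAN_HOST, VPN_CLIENT, 22, 40000, "SA")
    # The OpenVPN server decapsulates the SYN and, being on the LAN, hands it
    # straight to the host: the firewall sees nothing of the forward path.
    fwd = send(fw, syn)
    # The host has no route for 10.11.10.0/24, so the reply goes to its default
    # gateway, i.e. the firewall, which has never seen this connection.
    ret = send(fw, syn_ack, host_route_to_vpn)
    return fwd, ret, fw.log


if __name__ == "__main__":
    for bypass, host_route in [(False, False), (True, False), (False, True)]:
        fwd, ret, log = tcp_handshake(bypass, host_route)
        print(f"bypass={bypass} host_route={host_route}: forward={fwd} reply={ret} log={log}")
```

Running it shows the blocked SYN-ACK in the first scenario, a bypass pass in the second, and an empty firewall log in the third, because with a host route the firewall is no longer on the path in either direction. That is the trade-off behind the answer's point: the bypass option passes same-interface traffic without any state tracking, whereas making the routing symmetric (or putting the VPN endpoint on the firewall or its own interface) keeps every flow that does cross the firewall fully stateful.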
