[ previous ] [ next ] [ threads ]
 From:  "Chris Bagnall" <m0n0wall at minotaur dot cc>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Routing problems
 Date:  Fri, 22 Oct 2004 12:23:35 +0100
> I have a cable provider which provided me these settings:
> IP:
> Subnet mask:
> Gateway:
> DNS: and .3

> M0n0wall box has two nic's, one lan, and one wan. Lan is configured as
> follows:
> Lan IP:
> Wan IP: ; Gateway:
> Cable modem ip is:

This is very weird. Correct me if I'm wrong but you're actually going
through no less than *three* NAT layers here... The IP your provider has
issued you ( is in a private address range, so they must be
doing NAT at their end, your cable modem is also in a private range (so
another NAT layer), then m0n0 is going to be doing NAT itself.

Getting the whole lot to work should be possible, but it ain't gonna be all
that friendly if you ever want to do any port forwarding at all.

> Now, the real problem. I cannot get past the Nic WAN?1 when I 
> try to ping cable modem directly, it says:
> Pinging [] destination host unreachable?!

First thing to do is to disable "block private networks" on the WAN setup
page. The "destination host unreachable" error is most likely because you
can't route from (your def. gateway) back into your own network

If the cable modem doesn't have any non-NAT modes, you'll need to run it as
an additional NAT layer. When you connect the cable modem directly to a PC,
what IP does the PC get? Is it in the 192.168 range? If so, the cable modem
is definitely running as a NAT layer. If not, and your PC gets the true address, then your modem is most likely already running as a

If you're tied into your provider and can't get a public-routable address,
I'd set it up like this:
1) Connect cable modem to a single PC and use its web interface to
reconfigure it to work in non-NAT mode if possible (might be called PPP
half-bridge, IP passthrough, DHCP spoof mode, something like that). Then
give it your external IP (
2) Tell m0n0 to get the IP automatically by DHCP on the WAN interface.
3) Make sure to untick "block private networks"
4) It should work.

If you can't get the modem running in non-NAT, tell m0n0 to still get its
WAN IP by DHCP, only in this instance it'll get a 192.168 address from the
DHCP server in your modem, not from your provider. It's an additional NAT
layer which will cause problems with port forwarding, but it should work.


C.M. Bagnall, Partner, Minotaur
Tel: (07010) 710715   Mobile: (07811) 332969   ICQ: 13350579
AIM: MinotaurUK   MSN: minotauruk at hotmail dot com   Y!: Minotaur_Chris
This email is made from 100% recycled electrons