> This is very weird. Correct me if I'm wrong but you're actually going
> through no less than *three* NAT layers here... The IP your 

Yes, this is the point, i know it's stupid, port forwarding is out of
the question, I just wanted to add a firewall to prevent attacks from
inside the 10/8 network.


> First thing to do is to disable "block private networks" on 
> the WAN setup
> page. The "destination host unreachable" error is most likely 
> because you
> can't route from 10.1.0.2 (your def. gateway) back into your 
> own network
> (192.168).

I tried it as disabled and enabled and cannot get it to work

> When you connect the cable modem directly to a PC,
> what IP does the PC get?

I do not get anything, since the provider is not running dhcp at all, I
have to use static ip

> Is it in the 192.168 range? If so, the cable modem
> is definitely running as a NAT layer. If not, and your PC 
> gets the true
> 10.2.114.20 address, then your modem is most likely already 
> running as a bridge.

It appears to be in a bridge mode since it only works with manually
enetered address

> 1) Connect cable modem to a single PC and use its web interface to
> reconfigure it to work in non-NAT mode if possible (might be 
> called PPP
> half-bridge, IP passthrough, DHCP spoof mode, something like 
> that). Then
> give it your external IP (10.2.114.20).
> 2) Tell m0n0 to get the IP automatically by DHCP on the WAN interface.

I'm not sure if I understand this. 1.Do you want me to connect cable
modem to another pc or monowall? I will try with bridging...