I've got two LAN's, Lan-U (192.168.99.x) and Lan-D (192.168.23.x) that
I'm connecting with M0n0wall, using Lan-U as the LAN interface and
Lan-D as the WAN interface, where the m0n0wall connects via Wireless
to an AP on the Lan-D.
That works as expected by default, in that Lan-U machines can access
Lan-D but not the other way round, but what I tried to do was to grant
access for systems on Lan-D to access systems on Lan-U, but ran into
problems. This might well however be down to my misunderstanding of
what's going on...
I tried setting a rule to allow all from WAN to LAN, together with a
static route on the Lan-D system, setting the m0n0wall's Lan-D address
(192.168.23.13) as the gateway for the Lan-U address I was trying to
reach (192.168.99.254). However, while a traceroute got to the 23.13
address, it was blocked there, although I couldn't see anything in the
I was able to access the m0n0wall web pages on the 23.13 address
though.... I've worked around it by enabling inbound NAT with the
particular port I'm using forwarded to the 99.254 host, but I'm
interested in what I'm missing/how this might be otherwise done...