 From:  Kev Latimer <kev at ne23 dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: Public IP's on OPT
 Date:  Wed, 08 Dec 2004 17:52:24 +0000
I'm even making an arse of replying to emails now, this really isn't a 
good day!

As I should have said:

Josh - I didn't set any outbound NAT entries, OPT2 itself should (I 
think) only be seen by the m0n0 as it is purely to be an IPSEC 
endpoint, all the LAN traffic being routed up the tunnel.  That said, I 
did exactly as you explained below and still no luck.  Running 1.11 on a 
CF card on an Epia PD1000.

Jesse - how did you get your OPT interface to respond to pings?  If I 
can get that bit right I think I'll stand a chance of kludging the rest 
together :)

Is there anything I can provide from status.php that could give any more 
clues?  The routing table looks fine but I'm afraid everything else 
mocks my lack of xBSD and ipfw experience.

Cheers for all your help,

Kev


Kev Latimer wrote:

> Josh McAllister wrote:
>
>> You say ACT lights up when you ping out, but no replies. This may
>> indicate m0n0 is using the correct interface, but the wrong source IP.
>>
>> This may be a silly question, but did you set OPT2 as the applicable
>> interface on your Outbound NAT entry?
>>
>> Interface should be OPT2
>> Source should be LAN net
>> Destination should be the same host or subnet defined in the static route
>> Target should be IP of OPT2
>>
>> If you don't have the option to specify OPT interface, be sure you're
>> running latest version.
>>
>> Josh McAllister
>>
>> -----Original Message-----
>> From: news [mailto:news at sea dot gmane dot org] On Behalf Of Jesse Guardiani
>> Sent: Wednesday, December 08, 2004 8:30 AM
>> To: m0n0wall at lists dot m0n0 dot ch
>> Subject: [m0n0wall] Re: Public IP's on OPT
>>
>> Kev Latimer wrote:
>>
>>> Okay, I'm clearly doing something extremely stupid here.
>>>
>>> Traceroutes from both ends die at the router just before they get to the
>>> subnet OPT2 lies on, ie at the m0n0 from my LAN side and at BT's router
>>> just before it gets to ours from the other end.
>>
>> I've been able to get traceroutes working from the internet to my OPT1
>> DMZ, but I have yet to be able to get traceroutes working from the LAN to
>> the internet. But remember, traceroute not only uses ICMP, it also uses
>> UDP ports 33435 - 33524.
>>
>> If anyone knows how to get traceroutes working from my LAN to the internet
>> while using advanced outbound NAT on the LAN, please let me know.
>>