I'm banging my head against the wall with this one...
I have LAN set up with private subnet 10.1.0.1/16
I have configured OPT1 with subnet 10.4.54.99/24 (this is a separate
private large network; I need to access a few computers on it, 10.4.54.67
and .69, for example).
Netstat looks ok:
$ netstat -nr
Routing tables

Internet:
Destination   Gateway             Flags   Refs   Use    Netif  Expire
default       X.X.X.X             UGSc    2      12672  fxp1
10.1/16       link#2              UC      16     0      fxp0
10.1.0.4      xx:xx:xx:xx:xx:xx   UHLW    0      1      fxp0   1090
10.4.54/24    link#1              UC      4      0      xl0
10.4.54.67    link#1              UHLW    0      6      xl0
10.4.54.69    link#1              UHLW    0      4      xl0
127.0.0.1     127.0.0.1           UH      0      0      lo0
X.X.X.X/29    link#3              UC      1      0      fxp1
X.X.X.X       xx:xx:xx:xx:xx:xx   UHLW    2      0      fxp1   837
I have the default LAN->any firewall rule:
<rule>
  <type>pass</type>
  <interface>pptp</interface>
  <source>
    <network>pptp</network>
  </source>
  <destination>
    <any/>
  </destination>
  <descr/>
</rule>
<rule>
  <type>pass</type>
  <descr>Default LAN -> any</descr>
  <interface>lan</interface>
  <source>
    <network>lan</network>
  </source>
  <destination>
    <any/>
  </destination>
</rule>
And I have an IPSEC VPN from the local 10.1.x.x/16 subnet to a remote
m0n0wall on a 10.0.0.X/24 subnet.
The problem is that from the LAN, I can't access any computers on the
OPT1 interface. The routing looks correct (see above), but there must be
something I'm missing with firewall configuration. I've searched the
archives, but haven't found anything useful (yet).
Can someone shed some light on this problem?
Thanks in advance!
--
Dana Spiegel
sociableDESIGN :: www.sociableDESIGN.com
123 Bank Street, Suite 510, New York, NY 10014
p +1 917 402 0422 :: e dana at sociableDESIGN dot com
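The post's two data points, the routing table and the rule set, can be checked mechanically. The script below is an added example and is not m0n0wall code or anything from the original message: it parses the quoted netstat output (minus the two lines redacted as X.X.X.X, which cannot be parsed), does the kernel's longest-prefix route lookup, then evaluates the quoted rules the way m0n0wall applies them, first match on the interface the packet enters, implicit deny when nothing matches. The interface-to-subnet mapping (lan = 10.1.0.0/16, opt1 = 10.4.54.0/24) is taken from the post; the PPTP subnet is not given, so the pptp rule never matches here. Only the first packet of a connection is modelled, not the state table that admits replies to it.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed input: the routing table quoted in the post, without the two
# redacted X.X.X.X lines (they have no parseable destination).
NETSTAT_LINES = """\
default X.X.X.X UGSc 2 12672 fxp1
10.1/16 link#2 UC 16 0 fxp0
10.1.0.4 xx:xx:xx:xx:xx:xx UHLW 0 1 fxp0 1090
10.4.54/24 link#1 UC 4 0 xl0
10.4.54.67 link#1 UHLW 0 6 xl0
10.4.54.69 link#1 UHLW 0 4 xl0
127.0.0.1 127.0.0.1 UH 0 0 lo0
"""

# Constructed input: the two rules quoted in the post, wrapped in a root element.
RULES_XML = """<filter>
<rule><type>pass</type><interface>pptp</interface>
<source><network>pptp</network></source><destination><any/></destination><descr/></rule>
<rule><type>pass</type><descr>Default LAN -> any</descr><interface>lan</interface>
<source><network>lan</network></source><destination><any/></destination></rule>
</filter>"""

# Assumed mapping of interface names to the subnets stated in the post.
# The PPTP pool is not given, so "pptp" is absent and that rule never matches.
NETWORKS = {
    "lan": ipaddress.ip_network("10.1.0.0/16"),
    "opt1": ipaddress.ip_network("10.4.54.0/24"),
}


def bsd_destination(dest):
    """Expand a BSD netstat destination ('default', '10.1/16', '10.4.54.67')."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))  # BSD prints 10.1/16 for 10.1.0.0/16
    plen = plen or "32"                   # no prefix length means a host route
    return ipaddress.ip_network(".".join(octets) + "/" + plen)


def parse_routes(text):
    """Return (network, gateway, netif) tuples from netstat -nr output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        routes.append((bsd_destination(fields[0]), fields[1], fields[5]))
    return routes


def lookup_route(routes, ip):
    """Longest-prefix match, as the kernel does; returns (gateway, netif)."""
    ip = ipaddress.ip_address(ip)
    best = max((r for r in routes if ip in r[0]), key=lambda r: r[0].prefixlen)
    return best[1], best[2]


def parse_rules(xml_text):
    return [{
        "type": r.findtext("type"),
        "interface": r.findtext("interface"),
        "source": r.find("source"),
        "destination": r.find("destination"),
        "descr": r.findtext("descr") or "",
    } for r in ET.fromstring(xml_text).findall("rule")]


def endpoint_matches(spec, ip):
    """<any/> matches everything; <network>NAME</network> matches NAME's subnet."""
    if spec.find("any") is not None:
        return True
    net = NETWORKS.get(spec.findtext("network"))
    return net is not None and ip in net


def ingress_interface(ip):
    """The interface a packet from this source enters on (assumed: by subnet)."""
    for name, net in NETWORKS.items():
        if ip in net:
            return name
    return None


def evaluate(rules, src, dst):
    """First match among the rules bound to the ingress interface; no match is
    the implicit default deny. Models the first packet only, not the state table."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    iface = ingress_interface(src)
    for rule in rules:
        if rule["interface"] != iface:
            continue
        if endpoint_matches(rule["source"], src) and endpoint_matches(rule["destination"], dst):
            return rule["type"], rule["descr"]
    return "block", "implicit default deny"


def check_path(src, dst):
    """Route and firewall verdict for a new connection from src to dst."""
    gateway, netif = lookup_route(parse_routes(NETSTAT_LINES), dst)
    verdict, rule = evaluate(parse_rules(RULES_XML), src, dst)
    return {"netif": netif, "gateway": gateway, "verdict": verdict, "rule": rule}


if __name__ == "__main__":
    for src, dst in [("10.1.0.4", "10.4.54.67"), ("10.4.54.67", "10.1.0.4")]:
        print(src, "->", dst, check_path(src, dst))
```

Run as-is, the LAN-to-OPT1 direction resolves to xl0 and passes on "Default LAN -> any", which agrees with the poster's reading of the routing table and rules; the reverse direction, a connection initiated from an OPT1 host, hits the implicit deny because the quoted config carries no rule bound to the OPT1 interface. Whether that matters depends on which side opens the connection, which the evaluator cannot tell you, so treat the output as a check of what the configuration says, not as a diagnosis.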