 From:  Dana Spiegel <dana at sociableDESIGN dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Need help with LAN->OPT1 firewall issue
 Date:  Fri, 11 Feb 2005 17:19:24 -0500
I'm banging my head against the wall with this one...

I have LAN set up with private subnet 10.1.0.1/16
I have configured OPT1 with subnet 10.4.54.99/24 (this is a separate 
private large network that I need to access a few computers on, 10.4.54.67 
and .69, for example).

Netstat looks ok:

$ netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            X.X.X.X            UGSc        2    12672   fxp1
10.1/16            link#2             UC         16        0   fxp0
10.1.0.4           xx:xx:xx:xx:xx:xx  UHLW        0        1   fxp0   1090
10.4.54/24         link#1             UC          4        0    xl0
10.4.54.67         link#1             UHLW        0        6    xl0
10.4.54.69         link#1             UHLW        0        4    xl0
127.0.0.1          127.0.0.1          UH          0        0    lo0
X.X.X.X/29         link#3             UC          1        0   fxp1
X.X.X.X            xx:xx:xx:xx:xx:xx  UHLW        2        0   fxp1    837


I have the default LAN->any firewall rule:

        <rule>
            <type>pass</type>
            <interface>pptp</interface>
            <source>
                <network>pptp</network>
            </source>
            <destination>
                <any/>
            </destination>
            <descr/>
        </rule>
        <rule>
            <type>pass</type>
            <descr>Default LAN -&gt; any</descr>
            <interface>lan</interface>
            <source>
                <network>lan</network>
            </source>
            <destination>
                <any/>
            </destination>
        </rule>

And I have an IPSEC VPN from the local 10.1.x.x/16 subnet to a remote 
m0n0wall on a 10.0.0.X/24 subnet.

The problem is that from the LAN, I can't access any computers on the 
OPT1 interface. The routing looks correct (see above), but there must be 
something I'm missing with firewall configuration. I've searched the 
archives, but haven't found anything useful (yet).

Can someone shed some light on this problem?

Thanks in advance!
-- 

*D a n a   S p i e g e l*
*s o c i a b l e D E S I G N*  *::*  www.sociableDESIGN.com
123 Bank Street, Suite 510, New York, NY 10014
p  +1 917 402 0422  ::  e  dana at sociableDESIGN dot com