 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Need help with LAN->OPT1 firewall issue
 Date:  Sun, 13 Feb 2005 17:12:03 -0800 (PST)
On Fri, 11 Feb 2005, Dana Spiegel wrote:

> I have LAN set up with private subnet 10.1.0.1/16
> I have configured OPT1 with subnet 10.4.54.99/24 (this is a separate 
> private large network that I need to access a few computers on 10.4.54.67
> and .69, for example).
> 
> Netstat looks ok:
> 
> $ netstat -nr
> Routing tables
> 
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            X.X.X.X            UGSc        2    12672   fxp1
> 10.1/16            link#2             UC         16        0   fxp0
> 10.1.0.4           xx:xx:xx:xx:xx:xx  UHLW        0        1   fxp0   1090
> 10.4.54/24         link#1             UC          4        0    xl0
> 10.4.54.67         link#1             UHLW        0        6    xl0
> 10.4.54.69         link#1             UHLW        0        4    xl0
> 127.0.0.1          127.0.0.1          UH          0        0    lo0
> X.X.X.X/29         link#3             UC          1        0   fxp1
> X.X.X.X            xx:xx:xx:xx:xx:xx  UHLW        2        0   fxp1    837

[...]

> The problem is that from the LAN, I can't access any computers on the 
> OPT1 interface. The routing looks correct (see above), but there must be 
> something I'm missing with firewall configuration. I've searched the 
> archives, but haven't found anything useful (yet).

Do the other machines on the OPT1 side have 10.4.54.99 as the gateway to
10.1/16, or as the default gateway?

Also, is ARP working correctly on OPT1?  When I look at a similar
(working) situation here, the "gateway" entry for the remote OPT1 machine
shows its MAC address, not "link#<n>".

					Fred Wright
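
The ARP check raised in the reply above, as an added example that is not part of the original message: it parses `netstat -nr` output and lists host routes whose gateway column still shows `link#<n>` rather than a MAC address. The sample table is the one quoted in the post; the function names are made up for this example.

```python
"""Flag ARP-cloned host routes in `netstat -nr` output with no resolved MAC."""

# Routing table as quoted in the post above (addresses masked by the poster).
SAMPLE = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            X.X.X.X            UGSc        2    12672   fxp1
10.1/16            link#2             UC         16        0   fxp0
10.1.0.4           xx:xx:xx:xx:xx:xx  UHLW        0        1   fxp0   1090
10.4.54/24         link#1             UC          4        0    xl0
10.4.54.67         link#1             UHLW        0        6    xl0
10.4.54.69         link#1             UHLW        0        4    xl0
127.0.0.1          127.0.0.1          UH          0        0    lo0
X.X.X.X/29         link#3             UC          1        0   fxp1
X.X.X.X            xx:xx:xx:xx:xx:xx  UHLW        2        0   fxp1    837
"""


def parse_routes(text):
    """Yield (destination, gateway, flags, netif) for each route line."""
    for line in text.splitlines():
        fields = line.split()
        # Route rows have at least: dest, gateway, flags, refs, use, netif.
        if len(fields) < 6 or fields[0] == "Destination":
            continue
        yield fields[0], fields[1], fields[2], fields[5]


def unresolved_neighbors(text):
    """Return {netif: [hosts]} for host routes (H) with link-layer info (L)
    whose gateway column still shows link#<n> instead of a MAC address."""
    result = {}
    for dest, gateway, flags, netif in parse_routes(text):
        if "H" in flags and "L" in flags and gateway.startswith("link#"):
            result.setdefault(netif, []).append(dest)
    return result


if __name__ == "__main__":
    for netif, hosts in unresolved_neighbors(SAMPLE).items():
        print(f"{netif}: no MAC learned for {', '.join(hosts)}")
```

Run against the quoted table, it reports both OPT1 hosts on `xl0` and neither of the `fxp0`/`fxp1` entries that show a MAC address.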