 From:  Dana Spiegel <dana at sociableDESIGN dot com>
 To:  Fred Wright <fw at well dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Need help with LAN->OPT1 firewall issue
 Date:  Mon, 14 Feb 2005 08:03:55 -0500
Indeed, after tinkering with the network over the weekend, I realized 
the problem is the routing on the other side of the network (on the 
10.4.54.x side). I can get to the computer from my 10.1 network, but 
packets can't get back since there's no route back to my network.

Thanks for your help!


sociableDESIGN  ::  www.sociableDESIGN.com
123 Bank Street, Suite 510, New York, NY 10014




On Feb 13, 2005, at 8:12 PM, Fred Wright wrote:

>
> On Fri, 11 Feb 2005, Dana Spiegel wrote:
>
>> I have LAN set up with private subnet 10.1.0.1/16
>> I have configured OPT1 with subnet 10.4.54.99/24 (this is a separate
>> private large network that I need to access a few computers on
>> 10.4.54.67 and .69, for example).
>>
>> Netstat looks ok:
>>
>> $ netstat -nr
>> Routing tables
>>
>> Internet:
>> Destination        Gateway            Flags    Refs      Use  Netif  Expire
>> default            X.X.X.X            UGSc        2    12672   fxp1
>> 10.1/16            link#2             UC         16        0   fxp0
>> 10.1.0.4           xx:xx:xx:xx:xx:xx  UHLW        0        1   fxp0    1090
>> 10.4.54/24         link#1             UC          4        0    xl0
>> 10.4.54.67         link#1             UHLW        0        6    xl0
>> 10.4.54.69         link#1             UHLW        0        4    xl0
>> 127.0.0.1          127.0.0.1          UH          0        0    lo0
>> X.X.X.X/29         link#3             UC          1        0   fxp1
>> X.X.X.X            xx:xx:xx:xx:xx:xx  UHLW        2        0   fxp1     837
>
> [...]
>
>> The problem is that from the LAN, I can't access any computers on the
>> OPT1 interface. The routing looks correct (see above), but there must be
>> something I'm missing with firewall configuration. I've searched the
>> archives, but haven't found anything useful (yet).
>
> Do the other machines on the OPT1 side have 10.4.54.99 as the gateway to
> 10.1/16, or as the default gateway?
>
> Also, is ARP working correctly on OPT1?  When I look at a similar
> (working) situation here, the "gateway" entry for the remote OPT1 machine
> shows its MAC address, not "link#<n>".
>
> 					Fred Wright
>
>
>
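
Added example, not part of the original messages: a longest-prefix-match check of the return path discussed in this thread. The firewall routes come from the netstat output quoted above; the OPT1 host tables, the 10.4.54.1 gateway and the eth0 interface name are constructed assumptions, since the thread does not show the hosts' routing tables.

```python
import ipaddress

# Firewall routes as shown in the netstat output above (default route left out:
# its gateway is redacted in the thread and it is not needed here).
FIREWALL = [("10.1.0.0/16", None, "fxp0"), ("10.4.54.0/24", None, "xl0")]

# Constructed tables for an OPT1 host such as 10.4.54.67. The 10.4.54.1
# gateway and the eth0 interface name are assumptions, not from the thread.
HOST_BEFORE = [("10.4.54.0/24", None, "eth0"), ("0.0.0.0/0", "10.4.54.1", "eth0")]
HOST_NO_DEFAULT = [("10.4.54.0/24", None, "eth0")]
HOST_AFTER = HOST_BEFORE + [("10.1.0.0/16", "10.4.54.99", "eth0")]


def lookup(table, dst):
    """Longest-prefix match; returns (network, gateway, netif) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw, nif) for p, gw, nif in table
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


def next_hop(table, dst):
    """Where the packet is handed: the gateway, dst itself if on-link,
    or None when no route matches at all."""
    route = lookup(table, dst)
    if route is None:
        return None
    return route[1] or dst


def reply_reaches_firewall(host_table, client, firewall_ip="10.4.54.99"):
    """True only if the host sends replies for `client` to the firewall's
    OPT1 address, so the firewall sees both directions of the flow."""
    return next_hop(host_table, client) == firewall_ip


if __name__ == "__main__":
    client = "10.1.0.4"
    print("forward leaves firewall via", lookup(FIREWALL, "10.4.54.67")[2])
    for name, table in [("default via other gateway", HOST_BEFORE),
                        ("no default route", HOST_NO_DEFAULT),
                        ("static route added", HOST_AFTER)]:
        print(name, "->", next_hop(table, client),
              reply_reaches_firewall(table, client))
```

The forward path works in every case; only the host-side table decides whether the reply comes back through 10.4.54.99.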