 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  "Robert L. Pumphrey" <rlpumphrey at 1mage dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall setup 101
 Date:  Mon, 18 Apr 2005 14:56:45 -0400
On 4/18/05, Robert L. Pumphrey <rlpumphrey at 1mage dot com> wrote:
> Dear M0n0wall community, I could use some help.
> I know these are simple questions, but they're stopping me.
> 
> I would like to add an internal firewall. From time to time we have
> outside people come in; they have their own computers that they want
> Internet access with.  Right now if we allow them to plug in to our network
> they are on the whole of our network.  I would like to use M0n0wall so that
> they are on an "opt" network. It would also allow us a DMZ for the common
> internet servers (web, email, ftp).
> 
> Right now I'm trying to set up a testbox with two NIC cards.
> I think I'm having trouble setting up the static route so that my PC on the
> inside of the M0n0wall can get out to our current network. Current network is
> "192.168.22.0" with a simple subnet of "255.255.255.0".  Inside of the
> M0n0wall can be anything; at this point I have been using 192.168.1.1/24.
> I have two rules defined, one out, one in; both should be wide open.  Do I
> need to do anything with NAT, ARP? At this point, if I try to ping a box on
> the 192.168.22.0 subnet I get "expired in transit".  We have a Cisco router
> to the internet that I do not feel the need to touch.
> 

First some assumptions.  

Ok, you have:

internet --- router ----- m0n0wall ------  LAN

And also off of m0n0wall, an OPT, and a DMZ.  

Your PC is on the LAN.  Your default gateway is m0n0wall's LAN IP.  
You don't need any static routes at all, since m0n0wall is directly
connected to all networks.  TTL expired suggests a routing loop
somewhere.

Take out your static routes, and confirm or deny my assumptions above.
 If everything I said is true, it'll all work.

-Chris
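
The routing point in the reply above, as an added example that is not part of the original message: a small hop-by-hop trace over the two subnets from the thread, first with only connected and default routes, then with one extra static route. The thread never shows the actual static routes, so the /25 route, the host addresses (.1, .2, .50) and the `lanbox` device are constructed assumptions.

```python
import ipaddress

CONNECTED = None  # gateway value meaning "destination is on-link, deliver directly"

def make_nodes(extra_static=()):
    """Constructed topology: subnets are from the thread, host addresses are assumed."""
    lan_host = [("192.168.1.0/24", CONNECTED), ("0.0.0.0/0", "192.168.1.1")]
    return {
        "pc": {"ips": ["192.168.1.50"], "routes": list(lan_host)},
        "lanbox": {"ips": ["192.168.1.2"], "routes": list(lan_host)},  # hypothetical device
        "m0n0wall": {"ips": ["192.168.1.1", "192.168.22.2"],
                     "routes": [("192.168.1.0/24", CONNECTED),
                                ("192.168.22.0/24", CONNECTED),
                                ("0.0.0.0/0", "192.168.22.1"),
                                *extra_static]},
    }

def trace(nodes, src, dst, ttl=64):
    """Follow a packet from node `src` to address `dst`; return (result, path)."""
    dst = ipaddress.ip_address(dst)
    owner = {ip: name for name, n in nodes.items() for ip in n["ips"]}
    here, path = src, [src]
    while True:
        hits = [(ipaddress.ip_network(net), gw) for net, gw in nodes[here]["routes"]
                if dst in ipaddress.ip_network(net)]
        if not hits:
            return "no route", path
        # Longest prefix wins; on a tie the first entry (connected) is kept.
        _, gw = max(hits, key=lambda r: r[0].prefixlen)
        if gw is CONNECTED:
            return "delivered", path
        if here != src:          # routers decrement TTL when forwarding
            ttl -= 1
            if ttl == 0:
                return "ttl expired", path
        if gw not in owner:
            return "left model", path
        here = owner[gw]
        path.append(here)

if __name__ == "__main__":
    # No static routes: m0n0wall is directly connected to 192.168.22.0/24.
    print(trace(make_nodes(), "pc", "192.168.22.10"))
    # Constructed bad static route: the more-specific /25 points at a LAN device
    # whose own default gateway is m0n0wall, so the packet bounces until TTL runs out.
    bad = [("192.168.22.0/25", "192.168.1.2")]
    result, path = trace(make_nodes(bad), "pc", "192.168.22.10")
    print(result, "after", len(path) - 1, "hops")
```
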