Since it's a test setup, I assumed something a bit different:
Internet -- router -- LAN backbone -- LAN PCs
                      |_ m0n0wall -- test PC
If so, the problem is most likely that the LAN PCs
don't know how to route traffic to the m0n0wall LAN
A quick test would be to add a static route on one of the LAN PCs. For MS
route add 192.168.1.0 mask
where "XX" is the external IP of the m0n0wall, on the main network
You may also want to try a network sniffer (Ethereal is open source &
relatively easy to use) to see which packets are making it to which
On 4/18/05, Chris Buechler <cbuechler at gmail dot com> wrote:
> On 4/18/05, Robert L. Pumphrey <rlpumphrey at 1mage dot com> wrote:
> > Dear M0n0wall community, I could use some help.
> > I know these are simple questions, but they're stopping me.
> > I would like to add an internal firewall. From time to time we have
> > outside people come in; they have their own computers that they want
> > Internet access with. Right now if we allow them to plug in to our
> > They are on the whole of our network. I would like to use M0n0wall so
> > that they are on an "opt" network. It would also allow us a DMZ for the
> > common servers (web, email, ftp).
> > Right I'm trying to set up a test box with two NIC cards.
> > I think I'm having trouble setting up the static route so that my PC on
> > the inside of the M0n0wall can get out to our current network. Current
> > network is "192.168.22.0" with a simple subnet of "255.255.255.0".
> > Inside of the M0n0wall can be anything; at the point I have been using
> > 192.168.1.1/24. I have two rules defined, one out, one in; both should
> > be wide open. Do I need to do anything with NAT, ARP? At this point if
> > I try to ping a box on the 192.168.22.0 subnet I get "expired in
> > transit". We have a Cisco router to the Internet that I do not feel the
> > need to touch.
> First some assumptions.
> Ok, you have:
> internet --- router ----- m0n0wall ------ LAN
> And also off of m0n0wall, an OPT, and a DMZ.
> Your PC is on the LAN. Your default gateway is m0n0wall's LAN IP.
> You don't need any static routes at all, since m0n0wall is directly
> connected to all networks. TTL expired suggests a routing loop
> Take out your static routes, and confirm or deny my assumptions above.
> If everything I said is true, it'll all work.
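An added example, not part of the original thread: a small longest-prefix-match simulator that walks a packet through the two diagnoses above (a LAN PC with no route to the m0n0wall LAN, then the static-route fix) and through one constructed loop that ends in TTL expiry. The host addresses, node names and the mismatched-LAN misconfiguration are assumptions made for illustration, and NAT on the m0n0wall is ignored.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over {prefix: next_hop}; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(nodes, start, dst, ttl=8):
    """Follow a packet hop by hop; return (outcome, path of node names)."""
    node, path = start, [start]
    while True:
        hop = next_hop(nodes[node], dst)
        if hop is None:
            return "no route", path
        if hop == "deliver":       # destination is on a connected network
            return "delivered", path
        ttl -= 1                   # each forwarding step costs one TTL
        if ttl == 0:
            return "ttl expired", path
        node = hop
        path.append(node)

def topology(pc_static=False, router_static=False, m0n0_lan="192.168.1.0/24"):
    """Constructed network: main LAN 192.168.22.0/24, m0n0wall LAN behind it."""
    nodes = {
        "lan_pc":   {"192.168.22.0/24": "deliver", "0.0.0.0/0": "router"},
        "router":   {"192.168.22.0/24": "deliver", "0.0.0.0/0": "isp"},
        "m0n0wall": {"192.168.22.0/24": "deliver", m0n0_lan: "deliver",
                     "0.0.0.0/0": "router"},
        "isp":      {},            # private prefixes are not routed upstream
    }
    if pc_static:                  # the "route add" fix on one LAN PC
        nodes["lan_pc"]["192.168.1.0/24"] = "m0n0wall"
    if router_static:              # same route, placed on the router instead
        nodes["router"]["192.168.1.0/24"] = "m0n0wall"
    return nodes

TEST_PC = "192.168.1.100"          # constructed address behind the m0n0wall

def scenarios():
    return {
        "no static route": trace(topology(), "lan_pc", TEST_PC),
        "static route on LAN PC": trace(topology(pc_static=True), "lan_pc", TEST_PC),
        # Router points 192.168.1.0/24 at a m0n0wall whose LAN is really another
        # subnet, so the m0n0wall hands the packet back to its default gateway.
        "loop": trace(topology(router_static=True, m0n0_lan="192.168.10.0/24"),
                      "lan_pc", TEST_PC, ttl=5),
    }

if __name__ == "__main__":
    for name, (outcome, path) in scenarios().items():
        print(f"{name:24} {outcome:12} {' -> '.join(path)}")
```
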