 From:  Claude Morin <klodefactor at gmail dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  "Robert L. Pumphrey" <rlpumphrey at 1mage dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall setup 101
 Date:  Mon, 18 Apr 2005 16:58:54 -0400
Since it's a test setup, I assumed something a bit different:
Internet -- router -- LAN backbone -- LAN PCs
                      |_ m0n0wall -- test PC
 
If so, the problem is most likely that the LAN PCs (192.168.22.0/24)
don't know how to route traffic to the m0n0wall LAN (192.168.1.0/24).
A quick test would be to add a static route on one of the LAN PCs. For MS
Windows XP:
    route add 192.168.1.0 mask 255.255.255.0 192.168.22.XX
where "XX" is the external IP of the m0n0wall, on the main network
 
You may also want to try a network sniffer (Ethereal is open source & 
relatively easy to use) to see which packets are making it to which 
destinations.

Good luck,

-klode

On 4/18/05, Chris Buechler <cbuechler at gmail dot com> wrote:
> 
> On 4/18/05, Robert L. Pumphrey <rlpumphrey at 1mage dot com> wrote:
> > Dear M0n0wall community, I could use some help.
> > I know these are simple questions, but they're stopping me.
> >
> > I would like to add an internal firewall. From time to time we have
> > outside people come in; they have their own computers that they want
> > Internet access with. Right now, if we allow them to plug in to our
> > network, they are on the whole of our network. I would like to use
> > M0n0wall so that they are on an "opt" network. It would also allow us
> > a DMZ for the common internet servers (web, email, ftp).
> >
> > Right, I'm trying to set up a test box with two NIC cards.
> > I think I'm having trouble setting up the static route so that my PC
> > on the inside of the M0n0wall can get out to our current network.
> > Current network is "192.168.22.0" with a simple subnet of
> > "255.255.255.0". Inside of the M0n0wall can be anything; at this
> > point I have been using 192.168.1.1/24. I have two rules defined, one
> > out, one in; both should be wide open. Do I need to do anything with
> > NAT, ARP? At this point, if I try to ping a box on the 192.168.22.0
> > subnet I get "expired in transit". We have a Cisco router to the
> > internet that I do not feel the need to touch.
> >
> 
> First some assumptions.
> 
> Ok, you have:
> 
> internet --- router ----- m0n0wall ------ LAN
> 
> And also off of m0n0wall, an OPT, and a DMZ.
> 
> Your PC is on the LAN. Your default gateway is m0n0wall's LAN IP.
> You don't need any static routes at all, since m0n0wall is directly
> connected to all networks. TTL expired suggests a routing loop
> somewhere.
> 
> Take out your static routes, and confirm or deny my assumptions above.
> If everything I said is true, it'll all work.
> 
> -Chris
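
Added example (not part of the original messages): a small longest-prefix-match lookup showing where a LAN PC on 192.168.22.0/24 sends traffic for the test PC, before and after the static route suggested above. The router address, the value standing in for 192.168.22.XX, the test PC address, and the assumption that m0n0wall forwards the test PC's 192.168.1.x source address without NAT are all constructed for illustration.

```python
import ipaddress

# Constructed addresses (assumptions, not from the thread).
ROUTER = "192.168.22.1"      # assumed default gateway of the main network
M0N0_WAN = "192.168.22.254"  # placeholder standing in for 192.168.22.XX
TEST_PC = "192.168.1.10"     # assumed test PC on the m0n0wall LAN


def next_hop(table, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, gateway in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, gateway))
    if not matches:
        return None  # no route at all, not even a default
    return max(matches)[1]


def lan_pc_table(with_static_route):
    """Routing table of a PC on the main network (192.168.22.0/24)."""
    table = [
        ("192.168.22.0/24", "on-link"),  # directly connected subnet
        ("0.0.0.0/0", ROUTER),           # everything else goes to the router
    ]
    if with_static_route:
        # Same effect as:
        #   route add 192.168.1.0 mask 255.255.255.0 192.168.22.XX
        table.append(("192.168.1.0/24", M0N0_WAN))
    return table


def reply_gateway(with_static_route):
    """Where the LAN PC hands off a packet addressed to the test PC."""
    return next_hop(lan_pc_table(with_static_route), TEST_PC)


if __name__ == "__main__":
    for flag in (False, True):
        state = "with" if flag else "without"
        print(f"{state} static route: traffic for {TEST_PC} "
              f"goes to {reply_gateway(flag)}")
```

Without the route, traffic for the test PC falls through to the default gateway, which has no connection to 192.168.1.0/24; with it, the more specific /24 entry wins and the packet is handed to m0n0wall.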