 From:  • • <googl3meister at gmail dot com>
 To:  Angus Jordan <angus dot jordan at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Subnet behind a router behind m0n0wall...
 Date:  Wed, 25 May 2005 07:37:24 +1000
On 5/25/05, Angus Jordan <angus dot jordan at gmail dot com> wrote:
> Hello all,
> 
> I have a network setup as follows:
> 
> 192.168.100.0/24 -> Win2k RAS -> 192.168.42.0/24 -> m0n0wall
> 
> When I try to access the internet from the 192.168.100.x network, I get
> firewall denied logs in m0n0wall (v1.2 b7).
> 

Sounds as though you have only one default rule for outbound traffic,
which by default is:
allow all from internal LAN SUBNET to external (and keep state)

However, your internal LAN subnet is 192.168.42.0/24 and your clients
are at 192.168.100.0/24 - i.e. a different subnet != LAN subnet.  If
your internal LAN was a /16 instead of a /24 then it would Just Work
(TM), broadcast issues etc aside.

Duplicate the last rule (assuming you haven't added any yet) and
change the source to "network", address range 192.168.100.0/24 and you
should be OK.

Rgds
gm
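
The rule matching described in this reply, as an added example that is not part of the original message and is not m0n0wall's own code. It models a first-match rule list with an implicit default deny; the rule descriptions, sample source addresses and function names are constructed for illustration.

```python
import ipaddress

# Subnets taken from the thread.
LAN_SUBNET = ipaddress.ip_network("192.168.42.0/24")
ROUTED_SUBNET = ipaddress.ip_network("192.168.100.0/24")
# The "/16 instead of a /24" case: same LAN address, wider mask.
WIDE_LAN = ipaddress.ip_network("192.168.42.0/16", strict=False)

# Constructed sample sources: a LAN host, a host behind the RAS router,
# and a host in a neighbouring subnet that nobody asked to allow.
SOURCES = ["192.168.42.10", "192.168.100.25", "192.168.101.25"]


def evaluate(rules, src):
    """Return (action, description) of the first rule matching src."""
    addr = ipaddress.ip_address(src)
    for action, network, description in rules:
        if addr in network:
            return action, description
    # Nothing matched: traffic is dropped, which is what shows up in the log.
    return "block", "implicit default deny"


def default_rules(lan):
    """The single default outbound rule: pass from LAN subnet to any."""
    return [("pass", lan, "LAN subnet -> any")]


def fixed_rules(lan, routed):
    """Default rule plus a duplicate whose source is the routed subnet."""
    return default_rules(lan) + [("pass", routed, "routed subnet -> any")]


def report(rules, sources=SOURCES):
    """Map each source address to the action the rule list gives it."""
    return {src: evaluate(rules, src)[0] for src in sources}


if __name__ == "__main__":
    cases = {
        "default rule only": default_rules(LAN_SUBNET),
        "with added /24 rule": fixed_rules(LAN_SUBNET, ROUTED_SUBNET),
        "LAN widened to /16": default_rules(WIDE_LAN),
    }
    for name, rules in cases.items():
        print(name)
        for src in SOURCES:
            action, why = evaluate(rules, src)
            print(f"  {src:<16} {action:<5} ({why})")
```

The added /24 rule passes only the routed subnet, while the /16 variant also passes 192.168.101.25 and every other address in 192.168.0.0/16.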