 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Subnet behind a router behind m0n0wall...
 Date:  Tue, 24 May 2005 20:03:44 -0400
> On 5/25/05, Angus Jordan <angus dot jordan at gmail dot com> wrote:
> > Hello all,
> >
> > I have a network setup as follows:
> >
> > 192.168.100.0/24 -> Win2k RAS -> 192.168.42.0/24 -> m0n0wall
> >
> > When I try to access the internet from the 192.168.100.x network, I get
> > firewall denied logs in m0n0wall (v1.2 b7).
> >
> 
> Sounds as though you have only one default rule for outbound traffic,
> which by default is:
> allow all from internal LAN SUBNET to external (and keep state)
> 

By default it's allow any to any, not just LAN subnet.  But if you
don't have a static route to that network, it'll get dropped by the
antispoofing rules (it couldn't return the traffic anyway since it
doesn't know how to get to that network on the LAN side).  Put in a
static route to that network behind the router, pointing to the
router's LAN IP and everything will work.

-Chris
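
The behaviour described in the reply above, as an added example that is not part of the original thread and is not m0n0wall's own code: a simplified model of an anti-spoofing check that accepts a source on an interface only if it lies in that interface's subnet or in a static route configured on it. The router LAN address 192.168.42.2 and the client address 192.168.100.10 are assumed for illustration.

```python
import ipaddress

class Interface:
    """Simplified model of a firewall interface (not m0n0wall's real ruleset)."""
    def __init__(self, name, subnet):
        self.name = name
        self.subnet = ipaddress.ip_network(subnet)
        self.static_routes = []  # (network, gateway) pairs reachable via this interface

    def add_static_route(self, network, gateway):
        gw = ipaddress.ip_address(gateway)
        # A next hop must be directly reachable on the interface it is bound to.
        if gw not in self.subnet:
            raise ValueError(f"gateway {gw} is not on {self.name} subnet {self.subnet}")
        self.static_routes.append((ipaddress.ip_network(network), gw))

    def accepted_sources(self):
        # Networks whose addresses may legitimately appear as a source here.
        return [self.subnet] + [net for net, _ in self.static_routes]

def antispoof_check(iface, src):
    """Return 'pass' if src is a plausible source on iface, else 'block'."""
    addr = ipaddress.ip_address(src)
    return "pass" if any(addr in net for net in iface.accepted_sources()) else "block"

def return_next_hop(iface, dst):
    """Where replies to dst go on iface: 'direct', a gateway address, or None."""
    addr = ipaddress.ip_address(dst)
    if addr in iface.subnet:
        return "direct"
    matches = [(net, gw) for net, gw in iface.static_routes if addr in net]
    if not matches:
        return None  # firewall has no path back to this network on this side
    # Longest-prefix match, as a routing table would do.
    return str(max(matches, key=lambda m: m[0].prefixlen)[1])

def demo():
    lan = Interface("LAN", "192.168.42.0/24")
    client = "192.168.100.10"  # constructed host behind the Win2k RAS router
    before = (antispoof_check(lan, client), return_next_hop(lan, client))
    # Static route to the routed subnet via the router's LAN IP (assumed address).
    lan.add_static_route("192.168.100.0/24", "192.168.42.2")
    after = (antispoof_check(lan, client), return_next_hop(lan, client))
    return before, after

if __name__ == "__main__":
    print(demo())
```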