 From:  Angus Jordan <angus dot jordan at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Subnet behind a router behind m0n0wall...
 Date:  Wed, 25 May 2005 09:32:34 -0700
Thanks both. I was able to make it work by doing both of your suggestions.

I both added a rule (which I had tried by itself already), and added a 
static route (which I had not thought of).

Thanks for your suggestions!
 
Angus Jordan

On 5/24/05, Chris Buechler <cbuechler at gmail dot com> wrote:
>
> > On 5/25/05, Angus Jordan <angus dot jordan at gmail dot com> wrote:
> > > Hello all,
> > >
> > > I have a network setup as follows:
> > >
> > > 192.168.100.0/24 -> Win2k RAS -> 192.168.42.0/24 -> m0n0wall
> > >
> > > When I try to access the internet from the 192.168.100.x network, I get
> > > firewall denied logs in m0n0wall (v1.2 b7).
> > >
> >
> > Sounds as though you have only one default rule for outbound traffic,
> > which by default is:
> > allow all from internal LAN SUBNET to external (and keep state)
> >
> 
> By default it's allow any to any, not just LAN subnet. But if you
> don't have a static route to that network, it'll get dropped by the
> antispoofing rules (it couldn't return the traffic anyway since it
> doesn't know how to get to that network on the LAN side). Put in a
> static route to that network behind the router, pointing to the
> router's LAN IP and everything will work.
> 
> -Chris
>
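
An added illustration of the behaviour Chris describes, not part of the thread and not m0n0wall's own code: a simplified Python model of a LAN-side antispoofing check and of return routing, with and without the static route. The router LAN IP 192.168.42.2 and the host 192.168.100.10 are constructed values, and the function names are hypothetical.

```python
import ipaddress

# Simplified model (an assumption, not m0n0wall's rule generator): a packet
# arriving on the LAN interface passes the antispoofing check only if its
# source lies in the LAN subnet or in a network statically routed via LAN.
LAN_SUBNET = ipaddress.ip_network("192.168.42.0/24")      # from the thread
REMOTE_SUBNET = ipaddress.ip_network("192.168.100.0/24")  # from the thread
ROUTER_LAN_IP = ipaddress.ip_address("192.168.42.2")      # constructed value


def validate_static_route(network, gateway):
    """A LAN-side static route is only usable if its gateway is on the LAN subnet."""
    if gateway not in LAN_SUBNET:
        raise ValueError(f"gateway {gateway} is not on LAN subnet {LAN_SUBNET}")
    return (network, gateway)


def lan_ingress_verdict(src, static_routes):
    """Return (verdict, reason) for a packet arriving on LAN from src.

    Passing here only clears antispoofing; a firewall rule must still allow it.
    """
    src = ipaddress.ip_address(src)
    if src in LAN_SUBNET:
        return ("pass-antispoof", "source is in the LAN subnet")
    for network, gateway in static_routes:
        if src in network:
            return ("pass-antispoof", f"source network is routed via {gateway}")
    return ("drop", "no route to source network on the LAN side")


def return_next_hop(dst, static_routes):
    """Next hop the firewall would use on the LAN side for reply traffic to dst."""
    dst = ipaddress.ip_address(dst)
    if dst in LAN_SUBNET:
        return "directly connected"
    matches = [(n, g) for n, g in static_routes if dst in n]
    if not matches:
        return None  # replies could not be delivered to that network
    # Longest-prefix match among the static routes
    return str(max(matches, key=lambda m: m[0].prefixlen)[1])


if __name__ == "__main__":
    host = "192.168.100.10"  # constructed host behind the Win2k RAS router
    for routes in ([], [validate_static_route(REMOTE_SUBNET, ROUTER_LAN_IP)]):
        print(len(routes), lan_ingress_verdict(host, routes), return_next_hop(host, routes))
```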