Hi Kurt!

On Wednesday, 29.06.2005, at 16:11 -0400, Kurt Hadeler wrote:
> I have two static routes configured:
> INT   DEST             GATEWAY
> LAN   10.1.1.0/24      10.1.1.1 (default gateway for the
>                        private network)

Why? 10.1.1.0/24 is connected directly, you don't need any extra route
for this net.

> LAN   192.168.1.0/25   192.168.1.1 (static IP of OPT1 interface)

Same as above. /25?

> Traffic to the private LAN interface must appear as a 10.1.x IP so I do
> not want all outbound traffic NATed to the WAN interface. I have
> enabled Advanced Outbound NAT and set up two rules:
> INT   SOURCE           DEST            TARGET
> WAN   192.168.1.0/24   10.1.1.0/24     10.1.1.27 (private LAN IP
>                                        address)

ok.

> WAN   192.168.1.0/25   ! 10.1.1.0/25   216.150.xxx.xxx (public
>                                        WAN IP address)

/25? What about the other half of the /24?

> I suspect the static routes and outbound NAT entries are wrong.

You are right.

> How can I change this so that traffic from OPT1 to
> LAN has a 10.1.1.x IP and is directed to the correct interface?

First of all you have to correct routing and netmasks.

>
> I have spent about a day reading the m0n0wall documentation and list
> archives and trying various combinations but I can't get past this. I'm
> stumped. Can anyone give me any suggestions?

WAN:  216.150.xxx.xxx/25
LAN:  10.1.1.0/24
OPT1: 192.168.1.0/24

No extra routing entries.

Your problem is that you want an n:1 NAT on the LAN interface:

INT   SOURCE           DEST          TARGET
LAN   192.168.1.0/24   10.1.1.0/24   10.1.1.27

This isn't possible with m0n0 (not out of the box). There are several
possible solutions:

1. Use VLANs on the LAN interface. You can choose NAT for VLANs.
2. Choose WAN as the interface and change it by hand in the config.xml.
3. Change the internal net mask to /23 and configure 1:1 NAT for the
   OPT1 subnet.
4. Don't use NAT at all for the OPT1 subnet. Instead configure all hosts
   in the LAN subnet to use your m0n0wall as default gw.

Ciao ...
       ... PIT ...

---------------------------------------------------------------------------
 copyleft(c) by |           _-_           Linux is addictive, I'm hooked!
 Peter Allgeyer |         0(o_o)0         -- MaDsen Wikholm's .sig
---------------oOO--(_)--OOo-----------------------------------------------
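
The three problems pointed out in the reply above (routes for directly connected networks, /25 prefixes that cover only half of a /24, and an outbound NAT rule bound to WAN for traffic that leaves via LAN) can be checked mechanically. The script below is an added example, not part of the original mail and not m0n0wall code; the tables are constructed from the addresses in the thread, and it assumes an outbound NAT rule only applies to traffic leaving the interface it is bound to, with WAN as the default route.

```python
import ipaddress as ip

# Constructed from the thread; WAN is omitted because its address is masked.
INTERFACES = {
    "LAN": ip.ip_network("10.1.1.0/24"),
    "OPT1": ip.ip_network("192.168.1.0/24"),
}
STATIC_ROUTES = ["10.1.1.0/24", "192.168.1.0/25"]
# (interface, source, destination, destination negated with "!")
NAT_RULES = [
    ("WAN", "192.168.1.0/24", "10.1.1.0/24", False),
    ("WAN", "192.168.1.0/25", "10.1.1.0/25", True),
]

def egress(dest):
    """Interface a packet to `dest` leaves on: connected net, else WAN."""
    for name, net in INTERFACES.items():
        if dest.subnet_of(net):
            return name
    return "WAN"  # assumption: default route points out of WAN

def partial(net):
    """Name of an interface subnet that `net` covers only part of, or None."""
    for name, full in INTERFACES.items():
        if net != full and net.subnet_of(full):
            return name
    return None

def audit():
    findings = []
    for dest in STATIC_ROUTES:
        for name, full in INTERFACES.items():
            if ip.ip_network(dest).subnet_of(full):
                findings.append(f"route {dest}: redundant, {name} is directly connected")
    for iface, src, dst, negate in NAT_RULES:
        s, d = ip.ip_network(src), ip.ip_network(dst)
        for net in (s, d):
            name = partial(net)
            if name:
                findings.append(f"nat {src} -> {dst}: {net} is only part of {name} {INTERFACES[name]}")
        # A negated destination means "everything else", so only check plain rules.
        if not negate and egress(d) != iface:
            findings.append(f"nat {src} -> {dst}: bound to {iface}, traffic leaves via {egress(d)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit()))
```
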