 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Help with large subnet
 Date:  Thu, 30 Jun 2005 20:50:29 -0400
On 6/30/05, Christopher Tyler <ctyler at atlascomm dot net> wrote:
> I'm trying to replace an old router with m0n0wall but here is my problem.. I
> have a very large subnet of 20 bits or 255.255.240.0..
> Need to break this down to 24 bit networks or 255.255.255.0 say,
> xxx.xxx.240.0/24 through xxx.xxx.255.255/24.
> 
> All the internal IPs are public and should stay that way.
> 

Are all the internal hosts on the same broadcast domain?  If so, how
are you handling the gateway for each subnet?

Did you enable advanced outbound NAT without any NAT rules so the
outbound traffic isn't getting NAT'ed?


> I can get traffic out just fine no problem however I cannot get any incoming
> traffic except on two unrelated subnets xxx.xxx.240.0/24 and xxx.xxx.248.0/24
> but nothing else.
> 

And all the IPs worked before?  Did you clear the ARP cache on the
next upstream router?  Most hold their cache for a few hours by
default (Cisco is 4 hours by default, not sure on others).  If it's
been longer than 4 hours since the switch over, that's probably not an
issue unless your upstream changed the default ARP cache timeout.
That'd probably be an all or nothing situation anyway.

-Chris
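The subnet arithmetic the original poster is wrestling with (carving a /20 into sixteen /24s, and Chris's question about which gateway each of those /24s gets) can be worked through in a few lines. The following script is an added example for this thread, not code from either poster or from m0n0wall; it uses the private block 10.10.240.0/20 as a constructed stand-in for the poster's xxx.xxx.240.0/20, and the function names are mine. It also includes a check that a host's configured gateway actually lies inside its own /24, which is the usual cause of "outbound works, some subnets don't" after a resubnet.

```python
import ipaddress
from typing import Dict, List

# Constructed placeholder standing in for the poster's xxx.xxx.240.0/20.
# 10.10.240.0/20 is private space, chosen only so the third octet matches.
BLOCK = "10.10.240.0/20"


def carve(block: str, new_prefix: int = 24) -> List[ipaddress.IPv4Network]:
    """Split `block` into equal subnets of length `new_prefix`.

    strict=True makes ipaddress reject a block whose host bits are not all
    zero (e.g. 10.10.241.0/20), which catches a mistyped mask early.
    """
    net = ipaddress.ip_network(block, strict=True)
    if new_prefix < net.prefixlen:
        raise ValueError("new prefix must be at least as long as the block's")
    return list(net.subnets(new_prefix=new_prefix))


def gateway_plan(block: str, new_prefix: int = 24) -> List[Dict[str, str]]:
    """One row per carved subnet: network, the conventional first-usable
    address as gateway, the remaining usable host range and the broadcast."""
    rows = []
    for sub in carve(block, new_prefix):
        gw = sub.network_address + 1          # first usable address
        last = sub.broadcast_address - 1      # last usable address
        rows.append({
            "subnet": str(sub),
            "gateway": str(gw),
            "first_host": str(gw + 1),
            "last_host": str(last),
            "broadcast": str(sub.broadcast_address),
        })
    return rows


def locate(address: str, block: str, new_prefix: int = 24) -> str:
    """Return the carved subnet that contains `address`; raise if it is
    outside `block` altogether."""
    ip = ipaddress.ip_address(address)
    for sub in carve(block, new_prefix):
        if ip in sub:
            return str(sub)
    raise ValueError(f"{address} is not inside {block}")


def gateway_consistent(host_iface: str, gateway: str) -> bool:
    """True if `gateway` lies inside the subnet of `host_iface`
    (e.g. "10.10.248.77/24"). A host still carrying the old /20 gateway
    after being moved to a /24 fails this check."""
    iface = ipaddress.ip_interface(host_iface)
    return ipaddress.ip_address(gateway) in iface.network


if __name__ == "__main__":
    for row in gateway_plan(BLOCK):
        print(row)
    print(locate("10.10.248.77", BLOCK))
    # Old /20 gateway kept on a host that is now in a /24: inconsistent.
    print(gateway_consistent("10.10.248.77/24", "10.10.240.1"))
    print(gateway_consistent("10.10.248.77/24", "10.10.248.1"))
```

Running the script prints the sixteen /24 rows from 10.10.240.0/24 to 10.10.255.0/24; the two `gateway_consistent` calls at the end show why a host that kept the old /20 gateway (10.10.240.1) stops working once its mask is tightened to /24, while one pointed at its own subnet's .1 is fine.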