does both m0n0 and your core L3-switch/router have correct routing tables?
i think it has nothing to do with the up-stream router. it usually has
only one entry in its routing table for your large super-net like:
ip route xxx.xxx.240.0/20 xxx.xxx.30.122
no isp would split such a large block of addresses into small networks and
load them separately into the routing table of the router. it's too
inefficient. and they don't care how you subnet these addresses.
ipf will process rules from top to bottom.
On 7/1/05, Christopher Tyler <ctyler at atlascomm dot net> wrote:
> On Thursday 30 June 2005 18:25, Christopher Tyler wrote:
> > I'm trying to replace an old router with m0n0wall but here is my problem..
> > I have a very large subnet of 20 bits or 255.255.240.0..
> > Need to break this down to 24 bit networks or 255.255.255.0 say,
> > xxx.xxx.240.0/24 through xxx.xxx.255.255/24.
> > All the internal IPs are public and should stay that way.
> > I can get traffic out just fine no problem however I cannot get any
> > incoming traffic except on two unrelated subnets xxx.xxx.240.0/24 and
> > xxx.xxx.248.0/24 but nothing else.
> > I'm assuming that these two subnets are working because my upstream is
> > routing them to me as 24 bit networks. Any ideas on how I can get this
> > working without involving the upstream provider using m0n0wall?
> > The upstream router is xxx.xxx.30.121/30 and my WAN interface is
> > xxx.xxx.30.122/30
> > Any help is appreciated.
> OK, here's an update...
> The reason that the xxx.xxx.246.0/24 was working is that its gateway was set
> to xxx.xxx.240.1 and the xxx.xxx.248.0/24 was set to xxx.xxx.248.1. I changed
> the gateway to xxx.xxx.240.1 and will try it tonight and let you know how I
> fare this time.
> Just one other question before I do all this. It pertains to the firewall
> rules. Does monowall process the rules from top to bottom or bottom to top?
> Christopher Tyler
> Atlas Communications
> (417) 883-1700