 From:  "Joe Walton" <jwalton at kappanetworks dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Advanced Outbound NAT
 Date:  Sat, 30 Jul 2005 00:50:09 -0400
Hello,

Still having trouble with two remote subnets; my original post is below and
here is a diagram.

172.16.2.2-HostB
 |
 |
172.16.2.1-RouterB LAN
172.16.10.2-RouterB WAN
 |
 |
 |
 |
172.16.10.1-RouterA WAN
172.16.1.1-RouterA LAN
 |
 |
Switch - - 172.16.1.3-m0n0wall (adv outbound NAT) ----internet
 |
 |
172.16.1.9-HostA



LAN on Router A can all access the internet fine.  But hosts at LAN B and
LAN C (not pictured) cannot.  There is a LAN side denial showing up on the
m0n0wall for any subnet other than the /24 of the m0n0wall trying to go out.

I opened the default LAN FW rule to ANY-ANY and also named the specific
subnets, etc.  Still have the LAN side blocking of any subnets not within
the range of the m0n0wall's class C.

Putting the access list router back in as .3 on the LAN has all remote
subnets back in business on the internet.

What are other folks doing to get the remote subnets natting through the
m0n0wall?

joe

Hello,

I have set up a m0n0wall successfully for a single site but am having trouble
with two remote sites behind a router on the main site LAN.

I have added a /16 rule in the adv outbound NAT which encompasses the three
sites.  I have added a /16 rule in the LAN firewall filters which
encompasses the three sites as well.

I am still seeing LAN side denials and failure for the two remote sites to
get on the internet.  The main site has no problems with internet access.

Anyone have any thoughts?

joe



Joe Walton
--
Kappa Networks, Inc.
http://www.kappanetworks.com
2571 Norwood Creek Way
Suite 200
Powhatan, Virginia 23139
Phone: 804-794-4437
Fax: 804-601-3048