 From:  "Eric Hilden" <eric at linkednetworks dot com>
 To:  "'Chris Buechler'" <cbuechler at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] m0n0wall blocking pings
 Date:  Sun, 14 Aug 2005 21:44:40 -0500
Just to point something out and make sure I'm not confused, but I am seeing
in the firewall log of m0n0wall the pings blocked. So the routing is getting
back to m0n0wall, I'm assuming, then.

So I should then allow advanced outbound nat without any nat rules. In place
of the linksys is going a Cisco router. 

I asked about a similar setup earlier that you replied to, that I have had
no luck with having advanced outbound nat enabled also.

Here is the other message just for reference. 
Also I appreciate the help Chris as I am very excited at putting m0n0wall in
a production and corporate environment if successful with a test site. 

-----------------------------------------------------------------------



My firewall rules are currently * * * for all interfaces set up. I'm assuming
this allows all traffic. Still doesn't work for me for seeing other subnets.


So if I am understanding you correctly, should I do the following? 

Make OPT1 a bridge with the WAN interface. Then plug my OPT1 port into a
switch from where I have the subnets coming from. Then I just have one
interface but then what do I bind for addresses as both of these subnets
currently have customers on them and their gateways cannot change. How then
can I bind the IPs to an interface if it is a bridge? How will the subnets
then know where to go, or the gateway for that matter?


ie.)

Subnets(/27 & /26)--(m0n0wall OPT1 & OPT2)--(m0n0wall WAN /30)--(Cisco /30)

From what I am understanding this is how the diagram should go. The subnets
are on a switch coming from a wireless AP link in another city, to a POP. At
the POP I am trying to put in m0n0wall. There I will have two cables that go
to my switch (unmanaged) to m0n0wall. M0n0wall is then set up to WAN from
66.28.212.14 - 66.28.212.13 /30 on a CISCO. This link works fine. I just
can't get the in-between stuff to happen. 

> OPT1 66.28.212.97  This is gateway for customers
> OPT2 66.28.212.129 This is gateway for customers

If I bridge these connections to the WAN wouldn't I need to proxy for .97
and .129 then?

-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com] 
Sent: Monday, August 08, 2005 10:34 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] m0n0wall blocking pings

On 8/8/05, Eric Hilden <eric at linkednetworks dot com> wrote:
> Everything works great from the LAN side getting out to the Internet and
> pinging other machines on the network in different subnets but I cannot ping
> anything on any interface except the WAN from outside of m0n0wall.
> 

Of course you can't - it's NAT'ing everything, and isn't going to
allow anything to be routed back to its LAN side.

If you need routing in a setup like this (if you eventually plan to
replace the Linksys, I wouldn't do this) then enable advanced outbound
NAT without any NAT rules to disable NAT, and put a static route in
your Linksys (if those things are even capable, I don't recall
offhand) pointing the 192.168.2.0/24 network to 192.168.1.104
(m0n0wall's WAN IP).  Then given the rules you already have, you'll be
able to ping and do whatever else you want on the LAN subnet.

-Chris
