 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  Daniel Heise <daniel dot heise at dhml dot de>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Can't access my briding adsl modem
 Date:  Thu, 18 Aug 2005 13:22:49 +0200
Hi Daniel!

On Thursday, 18.08.2005 at 12:47 +0200, Daniel Heise wrote:
> So I should return to my old DynDnsUpdate-Tool!
Don't think so. I'm searching for a better way than the one I told you
before. There are too many problems with my first solution, so I call it
a really crude one. It would be much better to have the outside
interface twice: one for PPPoE or PPTP and the other one for the
transfer net to the DSL modem. Compared to a solution w/o PPPoE or PPTP,
we have to assign IP addresses to two real interfaces and can't just
add an alias to an existing one. Because m0n0wall can't assign a
physical interface once more, you'll have to do this step manually. Can
you please test the following?

Look in config.xml for the interface section:
    <interfaces>
        <lan>
            <if>rl1</if>
            <ipaddr>192.168.0.1</ipaddr>
            <subnet>24</subnet>
            <media/>
            <mediaopt/>
        </lan>
        <wan>
            <if>rl0</if>
            <mtu>1492</mtu>
            <media/>
            <mediaopt/>
            <spoofmac/>
            <ipaddr>pppoe</ipaddr>
            <blockpriv/>
        </wan>
    </interfaces>

Copy the LAN section, insert it at the end (before </interfaces>),
replace LAN interface with WAN interface, give it the right IP address,
call the new section opt1 (depends on the number n of optional
interfaces you have, just call it opt(n+1)) and give it a good
description:

    <interfaces>
        <lan>
            <if>rl1</if>
            <ipaddr>192.168.0.1</ipaddr>
            <subnet>24</subnet>
            <media/>
            <mediaopt/>
        </lan>
        <wan>
            <if>rl0</if>
            <mtu>1492</mtu>
            <media/>
            <mediaopt/>
            <spoofmac/>
            <ipaddr>pppoe</ipaddr>
            <blockpriv/>
        </wan>
        <opt1>
            <if>rl0</if>
            <descr>OUT</descr>
            <ipaddr>150.150.150.1</ipaddr>
            <subnet>24</subnet>
            <media/>
            <mediaopt/>
        </opt1>
    </interfaces>

Restore this configuration into your m0n0wall. Reboot (will do this automatically).

Now you'll have a new interface called "OUT". If you take a look at the
generated ruleset (ipfstat -no) you must have an entry like this one
(notice the interface "rl0"!):

@6 pass out quick on rl0 from any to any keep state

Fine. Everything you have to do now is to disable advanced outbound NAT
and configure NAT rules by hand. Take a look at chapter "Static outside
IP address" in [1] for a HOWTO. I don't think that it's necessary to
exclude the transfer net from NAT on the PPPoE interface, because it
will never be routed to "ng0", so just create a rule for LAN and OUT:

Interface  Source           Destination  Target  Description
LAN        192.168.0.0/24   *            *       Masquerading
OUT        192.168.0.0/24   *            *       Masquerading

The advantages of this solution are obvious:
     1. works perfectly with DynDNS
     2. works after reboot
     3. no problem when editing rulesets
     4. also possible to generate own rulesets for the new interface
     5. almost perfectly integrated into m0n0wall

The only disadvantage is that "advanced outbound NAT" doesn't work
anymore, you'll have to edit your outbound NAT rules by yourself. But in
my opinion it's better to construct them by hand anyway.

Ciao ...
	... PIT ...


---------------------------------------------------------------------------
 copyleft(c) by |           "On the Internet, no one knows you're using
 Peter Allgeyer |   _-_     Windows NT" (Submitted by Ramiro Estrugo,
                | 0(o_o)0   restrugo at fateware dot com)
---------------oOO--(_)--OOo-----------------------------------------------
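
The manual config.xml edit described in the message above, as an added example (not part of the original mail and not m0n0wall code): it copies the LAN section into a new opt(n+1) section bound to the WAN NIC. The function name, the wrapping root element in the sample, and the subnet-overlap check are assumptions made for this illustration.

```python
import copy
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <interfaces> section from the message, wrapped in an
# assumed root element so that it parses as a document.
SAMPLE = """<m0n0wall><interfaces>
<lan><if>rl1</if><ipaddr>192.168.0.1</ipaddr><subnet>24</subnet><media/><mediaopt/></lan>
<wan><if>rl0</if><mtu>1492</mtu><media/><mediaopt/><spoofmac/><ipaddr>pppoe</ipaddr><blockpriv/></wan>
</interfaces></m0n0wall>"""


def add_transfer_interface(config_xml, ipaddr, subnet, descr="OUT"):
    """Return (new_xml, tag): config with an opt(n+1) section on the WAN NIC."""
    root = ET.fromstring(config_xml)
    ifaces = next(root.iter("interfaces"))
    lan, wan = ifaces.find("lan"), ifaces.find("wan")

    # Added safeguard (not in the message): refuse a transfer net that
    # overlaps the LAN subnet.
    lan_net = ipaddress.ip_network(
        f"{lan.findtext('ipaddr')}/{lan.findtext('subnet')}", strict=False)
    new_net = ipaddress.ip_network(f"{ipaddr}/{subnet}", strict=False)
    if new_net.overlaps(lan_net):
        raise ValueError(f"{new_net} overlaps LAN network {lan_net}")

    # n = highest existing optional interface number; new section is opt(n+1).
    nums = [int(e.tag[3:]) for e in ifaces
            if e.tag.startswith("opt") and e.tag[3:].isdigit()]
    tag = f"opt{max(nums, default=0) + 1}"

    opt = copy.deepcopy(lan)                  # "Copy the LAN section"
    opt.tag = tag
    opt.find("if").text = wan.findtext("if")  # same physical NIC as WAN
    opt.find("ipaddr").text = ipaddr
    opt.find("subnet").text = str(subnet)
    descr_el = ET.Element("descr")
    descr_el.text = descr
    opt.insert(1, descr_el)                   # right after <if>, as in the mail
    ifaces.append(opt)                        # lands just before </interfaces>
    return ET.tostring(root, encoding="unicode"), tag


if __name__ == "__main__":
    new_xml, tag = add_transfer_interface(SAMPLE, "150.150.150.1", 24)
    print(tag)
    print(new_xml)
```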