Just an idea, can an IPSeC tunnel between m0n0_A and m0n0_B, be a solution
to this setup?? If so, do I need any static routes in any of the 3 routers?

What do you think about this?

Thanks
Carlos Rosário


-----Original Message-----
From: Christoph Hanle [mailto:christoph dot hanle at leinpfad dot de] 
Sent: terça-feira, 6 de Setembro de 2005 19:42
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Static Routing?

Carlos Rosário schrieb:
> No solution?
Not realy

> Site A:
> 
> LAN - 192.168.1.1/24
> 
> WAN – 10.0.0.1/30 Gateway:10.0.0.2
> 
> The internet gateway for this subnet is at 192.168.1.254 and provides DHCP
> to this subnet.
> 
> Site B:
> 
> LAN – 192.168.2.1/24
> 
> WAN – 10.0.0.2/30  Gateway:10.0.0.1

I this correct?:
0.0.0.0-[Router_xy-192.168.1.254]-LAN_A(192.168.1.0/24)-[192.168.1.1-mono_A-
10.0.0.1]-[10.10.0.2-mono_B-192.168.2.1]-LAN_B(192.168.2.0/24)

If it is so:
1.Router_xy gets route destinaton 192.168.2.0/24 to 192.168.1.1
- maybe also destinaton 10.10.0.0/30
2. mono_A gets changed:
192.168.1.1 to WAN
10.0.0.1 to LAN
route on mono_A 192.168.2.0/32 to mono-B (10.0.0.2), GW on mono_A is 
router-xy
3. mono-B is ok, but route 192.168.1.0/32 to 10.0.0.1 (mono_A)

4. increase 10.0.0.0/30 to 10.0.0.0/24
5. untag "Block private networks" on both monos
6. i think, but i don´t realy know, then you need 1:1 NAT on both monos.

This should work, but if you don´t need realy firewalling, take a look 
on freesco, it should work easier for you.

bye
Christoph


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch