 From:  sai <sonicsai at gmail dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: private lan on WAN interface
 Date:  Fri, 9 Sep 2005 16:32:06 +0500

xyz.abc.162.4/24 is the remote LAN
xyz.abc.160.4/24 is the local LAN
vr0 is the m0n0 WAN port

exec.php
ifconfig vr0 inet xyz.abc.162.4/24 alias

All traffic from remote LAN is routed to m0n0 on the WAN interface by
a private circuit.
I need the remote LAN and the local LAN to be able to access each
other with no restrictions.

(tick) Enable advanced outbound NAT
WAN	xyz.abc.160.0/24	! xyz.abc.162.0/24	*	normal LAN NAT
WAN	xyz.abc.160.0/24	xyz.abc.162.0/24	xyz.abc.162.4	allow local LAN to access remote

exec.php:
echo "map vr0 xyz.abc.162.0/24 -> xyz.abc.160.0/24 portmap tcp/udp auto" | ipnat -f -

$ ipnat -l
List of active MAP/Redirect filters:
map vr0 from xyz.abc.160.0/24 to xyz.abc.162.0/24 -> xyz.abc.162.4/32 proxy port ftp ftp/tcp
map vr0 from xyz.abc.160.0/24 to xyz.abc.162.0/24 -> xyz.abc.162.4/32 portmap tcp/udp auto
map vr0 from xyz.abc.160.0/24 to xyz.abc.162.0/24 -> xyz.abc.162.4/32
map vr0 from xyz.abc.160.0/24 ! to xyz.abc.162.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map vr0 from xyz.abc.160.0/24 ! to xyz.abc.162.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map vr0 from xyz.abc.160.0/24 ! to xyz.abc.162.0/24 -> 0.0.0.0/32
map vr0 xyz.abc.162.0/24 -> xyz.abc.160.0/24 portmap tcp/udp auto

Now I can access the remote LAN from the local LAN no probs. However
the last line above is meant to allow access (by NAT) of the local LAN
by the remote. This does not work. If I allow all from the remote host
I can access the m0n0 web interface on xyz.abc.162.4 (but a ping to
the same address gives "Destination host unreachable" ???!!). However
I cannot get into the local LAN.

Any ideas of what else to try?

sai