On Fri, 2004-01-02 at 10:58, Michal Cech wrote:
> I set WAN (rl1): 10.10.30.100/24
>
> I add IP alias on WAN interface
> ifconfig rl1 inet 10.10.40.100/24 alias
>
> Firewall Rules:
> WAN INTERFACE
> Proto-Source-Port-Destination-Port-Description
> any any any any
>
> PING on WAN
> PC 10.10.30.1 ---> 10.10.30.100 OK
> PC 10.10.40.1 ---> 10.10.40.100 OK
> ---------------------------------------------------
> I set LAN (rl0): 10.10.10.100/24
>
> I add IP alias on LAN interface
> ifconfig rl0 inet 10.10.20.100/24 alias
>
> Firewall Rules:
> LAN INTERFACE
> Proto-Source-Port-Destination-Port-Description
> any any any any
>
> PING on LAN
> PC 10.10.10.1 ---> 10.10.10.100 OK
> PC 10.10.20.1 ---> 10.10.20.100 TIMEOUT !!!!!
> ----------------------------------------------------
> ???????????????????????????????????????????????
> WHY NOT WORK ALIAS ON LAN ???
>
> All PC Hardware 100% OK (change test)
> I use generic-pc-pb22r566.img
> I set Enable advanced outbound NAT (disable NAT)
>
> Thanks for all
>
> ----------------------------------------------------
> PS: netstat show all OK
>
> NETSTAT -r
> Routing tables
>
> Internet:
> Destination Gateway Flags Refs Use Netif Expire
> default 10.10.30.200 UGSc 0 0 rl1
> 10.10.10/24 link#1 UC 2 0 rl0
> 10.10.20/24 link#1 UC 1 0 rl0
> 10.10.30/24 link#2 UC 1 0 rl1
> 10.10.30.200 link#2 UHLW 1 0 rl1
> 10.10.40/24 link#2 UC 0 0 rl1
> localhost localhost UH 1 10670 lo0
>
> FIREWALL LOG SHOW:
> 18:56:22.216621 rl0 @0:9 B 10.10.20.1 -> 10.10.20.100 PR icmp len 20 60 icmp echo/0 IN
> 18:56:16.716605 rl0 @0:9 B 10.10.20.1 -> 10.10.20.100 PR icmp len 20 60 icmp echo/0 IN
> 18:56:11.216557 rl0 @0:9 B 10.10.20.1 -> 10.10.20.100 PR icmp len 20 60 icmp echo/0 IN
>
>
Michal,
You might want to try executing "ipfstat -i -o -n -h" to get a detailed
list of what firewall rules are active and how many hits you have on
each rule. It is possible that the automatic rule generation routines in
M0n0wall do not generate rules for aliases. In this case you might
experience the behavior you are seeing because M0n0wall automatically
allows packets of a certain type to the WAN interface (and by
implication to aliases of that interface) but not to the LAN interface
(or only to the IP Address of the LAN interface).
Cheers,
Ian
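
Added example, not part of the original thread: a small Python parser for the ipmon-style firewall log lines quoted above, tallying blocked packets per interface, rule and destination so the blocking rule can be looked up in the `ipfstat -i -o -n -h` output. The function names are hypothetical, and the fourth sample line (a passed packet) is constructed for contrast.

```python
import re
from collections import Counter

# ipmon line layout: time [Nx] interface @group:rule action src -> dst PR proto ...
IPMON_RE = re.compile(
    r"^(?P<time>\S+)\s+(?:(?P<count>\d+)x\s+)?(?P<ifname>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>[pbSnLPB])\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+PR\s+(?P<proto>\S+)"
)
# ipmon(8): b = blocked, p = passed; a capital letter means the packet was
# logged because of a global logging setting rather than a rule's log keyword.
BLOCKED = {"b", "B"}

def parse_ipmon_line(line):
    """Return a dict of fields for one ipmon line, or None if it does not match."""
    m = IPMON_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"] or 1)   # "3x" prefix = repeated packet
    # TCP/UDP entries carry "addr,port"; keep only the address part.
    rec["src"] = rec["src"].split(",")[0]
    rec["dst"] = rec["dst"].split(",")[0]
    return rec

def blocked_by_rule(lines):
    """Count blocked packets per (interface, '@group:rule', destination)."""
    hits = Counter()
    for line in lines:
        rec = parse_ipmon_line(line)
        if rec and rec["action"] in BLOCKED:
            rule = "@%s:%s" % (rec["group"], rec["rule"])
            hits[(rec["ifname"], rule, rec["dst"])] += rec["count"]
    return hits

SAMPLE = [
    # First three lines are the log entries quoted in the thread.
    "18:56:22.216621 rl0 @0:9 B 10.10.20.1 -> 10.10.20.100 PR icmp len 20 60 icmp echo/0 IN",
    "18:56:16.716605 rl0 @0:9 B 10.10.20.1 -> 10.10.20.100 PR icmp len 20 60 icmp echo/0 IN",
    "18:56:11.216557 rl0 @0:9 B 10.10.20.1 -> 10.10.20.100 PR icmp len 20 60 icmp echo/0 IN",
    # Constructed line: a passed echo request to the primary LAN address.
    "18:56:30.000000 rl0 @0:5 p 10.10.10.1 -> 10.10.10.100 PR icmp len 20 60 icmp echo/0 IN",
]

if __name__ == "__main__":
    for (ifname, rule, dst), n in blocked_by_rule(SAMPLE).most_common():
        print("%s rule %s blocked %d packet(s) to %s" % (ifname, rule, n, dst))
```

For the quoted log this reports rule `@0:9` on `rl0` blocking all three echo requests to the alias address 10.10.20.100.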