 From:  "Anastasija Bosiha" <anastasija dot bosiha at gmail dot com>
 To:  "Steven Shatz" <steven underscore shatz at yahoo dot com>, "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Routing across different subnets and m0n0wall devices
 Date:  Wed, 21 Sep 2005 13:01:27 +0300
Try to use a static route on each router and check the option
"Bypass firewall rules for traffic on the same interface" on the "Advanced"
page. This could help, if I understand the problem correctly.

----- Original Message ----- 
From: "Steven Shatz" <steven underscore shatz at yahoo dot com>
To: "Christopher M. Iarocci" <iarocci at eastendsc dot com>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, September 21, 2005 4:29 AM
Subject: Re: [m0n0wall] Routing across different subnets and m0n0wall devices


> Yes.  I can actually ping from the clientA to
> m0n0wallB because the address differences between the
> m0n0wall level and client levels trigger an ARP.
>
> The odd thing is that using ethereal, I don't think
> I'm seeing any packets related to the gif0 interface
> flowing back and forth.
>
> Correct me if I'm wrong, but I think that on the
> client level, the ARP generated will be picked up by
> the gif0 interface which somehow transmits the ARP,
> through a tunnel on the m0n0wall layer, to the clientB
> network.  In theory, I should be seeing this ARP in
> the air, no?
>
> This is why I think maybe I'm setting the tunnel up
> incorrectly.
>
> Any ideas?  thanks
> Steven
>
> --- "Christopher M. Iarocci" <iarocci at eastendsc dot com>
> wrote:
>
> > This might sound trivial, but did you uncheck the "Block private
> > networks" under the Interfaces->Wan section?
> >
> > Chris
> >
> >
> > Steven Shatz wrote:
> >
> > >Hello all,
> > >
> > >I have a question as to whether anyone has set up
> > >routing between m0n0wall devices such that clients on
> > >either m0n0wall device can access clients on the other
> > >m0n0wall device, with each m0n0wall device having
> > >different subnets.
> > >
> > >My desired configuration is two m0n0wall devices:
> > >
> > >m0n0wallA
> > >LAN:  192.168.2.1 (serves clients 192.168.2.0/24 via DHCP)
> > >WAN:  192.168.1.198
> > >
> > >m0n0wallB:
> > >LAN:  192.168.3.1 (serves clients 192.168.3.0/24 via DHCP)
> > >WAN:  192.168.1.197
> > >
> > >ClientA: (located under m0n0wallA)
> > >192.168.2.199
> > >
> > >ClientB:  (located under m0n0wallB)
> > >192.168.3.199
> > >
> > >
> > >Now, is there any way that Client B can reach Client
> > >A, or vice-versa?
> > >
> > >I tried using static routes in the kernel by adding
> > >routes from the m0n0wallA to m0n0wallB's WAN (route
> > >add 192.168.3.0 -netmask 255.255.255.0 192.168.1.197)
> > >with no success.  The traceroutes terminate at
> > >192.168.1.197 and don't continue routing down into the
> > >subnet 192.168.3.0/24.
> > >
> > >I tried using proxy ARP and server-NAT to expose the
> > >subnets, but by the time the ARPs reach the
> > >192.168.1.1 subnet, ARPs aren't triggered and are sent
> > >on their way to the next router specified by
> > >"default".
> > >
> > >Are there any ideas as to what I may be missing or how
> > >I can address this issue?
> > >
> > >Thanks
> > >Steven