Try to use a static route on each router and check the option "Bypass firewall rules for traffic on the same interface" on the "Advanced" page. This could help, if I understand the problem correctly.

----- Original Message -----
From: "Steven Shatz" <steven underscore shatz at yahoo dot com>
To: "Christopher M. Iarocci" <iarocci at eastendsc dot com>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, September 21, 2005 4:29 AM
Subject: Re: [m0n0wall] Routing across different subnets and m0n0wall devices

> Yes. I can actually ping from the clientA to
> m0n0wallB because the address differences between the
> m0n0wall level and client levels trigger an ARP.
>
> The odd thing is that using ethereal, I don't think
> I'm seeing any packets related to the gif0 interface
> flowing back and forth.
>
> Correct me if I'm wrong, but I think that on the
> client level, the ARP generated will be picked up by
> the gif0 interface which somehow transmits the ARP,
> through a tunnel on the m0n0wall layer, to the clientB
> network. In theory, I should be seeing this ARP in
> the air, no?
>
> This is why I think maybe I'm setting the tunnel up
> incorrectly.
>
> Any ideas? thanks
> Steven
>
> --- "Christopher M. Iarocci" <iarocci at eastendsc dot com> wrote:
>
> > This might sound trivial, but did you uncheck the
> > "Block private networks" under the Interfaces->Wan section?
> >
> > Chris
> >
> > Steven Shatz wrote:
> >
> > >Hello all,
> > >
> > >I have a question as to whether anyone has set up
> > >routing between m0n0wall devices such that clients on
> > >either m0n0wall device can access clients on the other
> > >m0n0wall device, with each m0n0wall device having
> > >different subnets.
> > >
> > >My desired configuration is two m0n0wall devices:
> > >
> > >m0n0wallA
> > >LAN: 192.168.2.1 (serves clients 192.168.2.0/24 via DHCP)
> > >WAN: 192.168.1.198
> > >
> > >m0n0wallB:
> > >LAN: 192.168.3.1 (serves clients 192.168.3.0/24 via DHCP)
> > >WAN: 192.168.1.197
> > >
> > >ClientA: (located under m0n0wallA)
> > >192.168.2.199
> > >
> > >ClientB: (located under m0n0wallB)
> > >192.168.3.199
> > >
> > >Now, is there any way that Client B can reach Client
> > >A, or vice-versa?
> > >
> > >I tried using static routes in the kernel by adding
> > >routes from the m0n0wallA to m0n0wallB's WAN
> > >(route add 192.168.3.0 -netmask 255.255.255.0 192.168.1.197)
> > >with no success. The traceroutes terminate at
> > >192.168.1.197 and don't continue routing down into the
> > >subnet 192.168.3.0/24.
> > >
> > >I tried using proxy ARP and server-NAT to expose the
> > >subnets, but by the time the ARPs reach the
> > >192.168.1.1 subnet, ARPs aren't triggered and are sent
> > >on their way to the next router specified by
> > >"default".
> > >
> > >Are there any ideas as to what I may be missing or how
> > >I can address this issue?
> > >
> > >Thanks
> > >Steven
> > >
> > >---------------------------------------------------------------------
> > >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch