I added the firewall rule but I still can't ping the LAN address. Do I need to turn on proxy ARP on the m0n0wall or make any other changes to get my workstation to see the other side?

dale

-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: Friday, October 07, 2005 4:18 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] NAT and network monitoring, please help

On 10/7/05, Thibodeau, Dale <dthibode at uwc dot edu> wrote:
> I did a search but couldn't find anything similar so I'm going to put
> this out for comment.
>
> My m0n0 setup is like this, pretty simple;
>
> |---------|    |---------|    |------------|
> |   WAN   |----|  M0N0   |----|    LAN     |
> |10.64.x.x|    |         |    |192.168.1.x |
> |---------|    |---------|    |------------|
>
> My wireless users connect to about 10 wireless access points on the
> LAN side and with the captive portal authenticate with a RADIUS server
> on the WAN side. How do I set up M0n0wall to allow my workstation on
> the WAN side full access to the WAPs on the LAN side?
>

Don't NAT at all. Assuming your workstation is on the 10.x.x.x network, if you disable NAT and put in the appropriate firewall rules, you'll be able to get to anything behind m0n0wall.

If you want to do it without disabling NAT, 1:1 NAT for each AP is probably the best solution.

Given that the WAN side is on a private IP network, you probably don't want to be NAT'ing anyway since you'll then end up double NAT'ing when users go out to the Internet, and that just gets ugly...

-chris