 From:  "Thibodeau, Dale" <dthibode at uwc dot edu>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] NAT and network monitoring, please help
 Date:  Mon, 10 Oct 2005 10:17:47 -0500
I added the firewall rule but I still can't ping the LAN address.  Do I
need to turn on proxy arp on the m0n0wall or make any other changes to
get my workstation to see the other side?

dale

-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com] 
Sent: Friday, October 07, 2005 4:18 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] NAT and network monitoring, please help

On 10/7/05, Thibodeau, Dale <dthibode at uwc dot edu> wrote:
> I did a search but couldn't find anything similar so I'm going to put 
> this out for comment.
>
> My m0n0 setup is like this, pretty simple;
>
>     |---------|    |---------|    |------------|
>     | WAN     |----| M0N0    |----| LAN        |
>     |10.64.x.x|    |         |    |192.168.1.x |
>     |---------|    |---------|    |------------|
>
> My wireless users connect to about 10 wireless access points on the
> LAN side and with the captive portal authenticate with a RADIUS server
> on the WAN side.  How do I set up M0n0wall to allow my workstation on
> the WAN side full access to the WAPs on the LAN side?
>

Don't NAT at all.  Assuming your workstation is on the 10.x.x.x network,
if you disable NAT and put in the appropriate firewall rules, you'll be
able to get to anything behind m0n0wall.

If you want to do it without disabling NAT, 1:1 NAT for each AP is
probably the best solution.

Given that the WAN side is on a private IP network, you probably don't
want to be NAT'ing anyway since you'll then end up double NAT'ing when
users go out to the Internet, and that just gets ugly...

-chris
