Re: [m0n0wall] Accessing ADSL Router box on WAN side of m0n0wall

From:	Steve Yates <steve at teamITS dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Accessing ADSL Router box on WAN side of m0n0wall
Date:	Wed, 12 Oct 2005 13:18:58 -0500

On Wed, 12 Oct 2005 17:12:47 +0100
Jack Challen <jack underscore challen at ocsl dot co dot uk> wrote:

> I'm using m0n0wall to protect my home network (192.168.3.0/24) from the
> internet. I'm connected to the internet by an ADSL router (D-Link 
> DSL300-T) running in bridge mode, then doing the PPP authentication from 
> m0n0wall as PPPoE. This is (or has been) utterly, utterly reliable.
>
> The one thing I want to do is to get access to the router's (sucky) web 
> interface from inside my LAN. My router's configured as 192.168.3.222, 
> but it's obviously on the WAN side of the firewall. You can still access 
> it while it's in bridge mode, but because it's on the "wrong" side of 

	Is m0n0wall bridging here?  If you truly mean the ADSL router is
in bridge mode and m0n0wall is providing NAT, m0n0wall will never on its
own feed 192.168.3.222 through itself to WAN since that is a local
address.  It "knows" that is supposed to be on LAN.  You might be able
to add a static route for the ADSL router's IP to force that IP to route
out the WAN interface.  Or else, make your private range something else
(e.g., 192.168.1.x, or 10.0.0.x).

> ARP requests don't make it across; it's a private network 
> connected to the public interface.... you get the idea.

	This may or may not help but there is a checkbox that defaults
to disabling routing of private network traffic to/from WAN.

 - Steve Yates
 - ITS, Inc.
 - If at first you don't succeed, don't be foolish.  Give up.

~ Taglines by Taglinator 4 - www.srtware.com ~