 From:  S dot F at fantasymail dot de
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Question about Static routes / Static route filtering
 Date:  Sun, 6 Nov 2005 04:12:39 +0100 (MET)
Hello Monowall-List,

I have some questions about the correct setup
of static routes for multiple subnets on the
WAN side (public IP addresses - NOT private IPs!).
In the Monowall versions that I used before, I
always had the problem that "anti-spoof" files blocked
all traffic from other subnets. So far so good ...

With a filtering bridge WAN/OPT1 it looks better and
works fine with Monowall 1.2. Since it is not easy
(or maybe not possible?) to allow traffic between
computers from those public IPs and a local zone (used
with a NAT gateway on OPT2) and a bridged WAN interface,
I wanted to try whether I can solve it with static routes.

I saw that in System: Advanced setup there is the option to
enable "Bypass firewall rules for traffic
on the same interface". IMHO it can work (if it is
configured right), or am I wrong with that opinion?

Here are some details (hope this helps to "help" me ;)
WAN connection type is Static with one IP from a /25 net.
For that Internet connection I got as "End Point" from
my uplink provider a router (that one is configured without
any filtering and not any NAT on that router disabled). It
simply accepts traffic and does routing for the whole traffic.

So it looks like this:

Internet <-> Router(From ISP) <-> Connect to WAN (monowall) ...
and then <-> OPT1 Interface <-> is connected with a local Switch.

Note-1: The router is not my own and is managed by the uplink
provider. They will make changes if I need them, but I can't do
anything on that router myself. The router has 1 IP address in
each one of the 4 different subnets.

Note-2: IF POSSIBLE I want to use the OPT2 interface with NAT for
local IP addresses. I am just not really sure how I can set it up
so that computers can talk to each other between the net with the
public IPs and the computers connected on the other OPT3 interface
with local IPs and NAT enabled. That thing confuses me a lot.

Note-3: The LAN interface is only connected with a crossover
Cat5 cable to a computer (that has 2 network cards) for access
to the monowall. That computer/client has 2 gateways defined:
1 for the local IPs (for the crossover connection to the monowall)
and another gateway that is enabled with a public IP to connect
to other computers and the Internet.

I tried to explain everything as well as possible (English is not
my native language so please ignore my bad grammar as long as you do
understand me ;)

I did RTFM about static routes with monowall but there are the
following questions - I hope someone here will help me out.

The docs about static routes say ...

Interface: select the interface to which the route must be applied

Q: Traffic should be transferred/go between WAN and OPT1. OPT1 is the
interface that's used for a connection to a switch on the local network.
So must the route be applied to the WAN or OPT1 interface?

Destination Network: select the network that has to be reached
with Classless Inter-Domain Routing (CIDR) code for subnetting

Q: I think I must set up 3 static routes for the 3 subnets where
the WAN interface does NOT have an IP in that same block, right?
Adding the subnets with CIDR (I know what it means) is not a problem.

Gateway: the gateway that the firewall must use in order to
reach the Destination Network.

Q: I think I must give there the router's IP that belongs to the
Destination Network - so the gateway IP from the same subnet range?

Thank you very much for any help!

Best regards,
Stefan