 From:  dave <dave at rodrig dot com>
 To:  dirk dot kreyenberg at web dot de
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall Issues with subnets
 Date:  Thu, 08 Jan 2004 15:09:30 -0500
are you sure the packets are being blocked? it sounds to me that it's 
more likely a NAT issue....

by default, m0n0wall NATs the LAN traffic with the WAN address when it 
passes it out to the internet. the traffic being sourced from behind 
that router won't be NATed unless you change the default configuration.

You'll have to do the following:

NAT --> Outbound --> Check "Enable Advanced Outbound NAT" --> Click 
"Save" (which DISABLES the existing, default NAT setup)

Click "+" to add a new NAT rule.

Enter 192.168.201.0/24 into the "Internal Subnet" field.

Leave "External Subnet" set to any so that the NAT applies to any 
destination (or restrict to specific networks if that's what you want, 
but I suspect not).

Click "Save", then "Apply Changes".

You should be able to get out from that network now.

Repeat for the others, including the DMZ since we disabled it up above.

have fun
dave



Dirk Kreyenberg wrote:
> Hi there,
> 
> I'm encountering the problem that m0n0wall keeps ignoring me and my
> commands (I'm running pb23r570 on a Soekris net4801 btw.) and I'm a
> little confused about that. So it would be very nice if anyone could
> help me out. 
> 
> My Network looks like the following:
> 
> WAN (PPPoE)---m0n0wall---DMZ 192.168.150.0/24--
> --LANs:192.168.201.0/24 - 205.0/24
> 
> The LANs are connected to the DMZ via a multiport Router, its interface
> to the DMZ has the IP 192.168.150.2.
> With the standard FW-rules, only the DMZ is allowed to access the
> internet (proto: *; source: LAN net; Port *; Dest *; Port *) 
> So the m0n0wall box is blocking access requests from 201 to 205, while
> everything from net 150 can access the WAN.
> I now added following passing rule:
> Proto: *; source: 192.168.201.0/24; Port: *; Dest *; Port *
> Unfortunately the Firewall logs are then showing me, that all traffic
> from 192.168.201.0 is still being blocked.
> This also happens if I try that with the other segments.
> 
> I have absolutely no clue why this is happening, so please can anyone
> help?
> 
> Thanks,
> Dirk
>
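
Added example, not part of the original message and not m0n0wall code: a small audit of an Advanced Outbound NAT rule list against the subnets in this thread, showing which ones still leave untranslated once the default NAT setup is disabled. The rule list is constructed, the function names are hypothetical, and reading "201.0/24 - 205.0/24" as five /24 networks is an assumption.

```python
import ipaddress

# Subnets from the thread: the DMZ plus the routed LANs behind 192.168.150.2
# (assumption: "201.0/24 - 205.0/24" means five /24 networks).
INTERNAL = ["192.168.150.0/24"] + [f"192.168.{n}.0/24" for n in range(201, 206)]

# Constructed rule list: (internal subnet, external subnet); "any" = all destinations.
# This is the state right after adding only the first rule described in the reply.
RULES = [("192.168.201.0/24", "any")]


def _parse(rules):
    parsed = []
    for src, dst in rules:
        dst_net = ipaddress.ip_network("0.0.0.0/0" if dst == "any" else dst)
        parsed.append((ipaddress.ip_network(src), dst_net))
    return parsed


def is_translated(src_ip, dst_ip, rules):
    """True if a packet src_ip -> dst_ip matches some outbound NAT rule."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(src in s and dst in d for s, d in _parse(rules))


def audit(subnets, rules):
    """Classify each internal subnet by how the rule list covers it."""
    parsed = _parse(rules)
    report = {}
    for text in subnets:
        net = ipaddress.ip_network(text)
        covering = [d for s, d in parsed if net.subnet_of(s)]
        if any(d.prefixlen == 0 for d in covering):
            report[text] = "translated"
        elif covering:
            report[text] = "restricted"   # only towards specific destinations
        elif any(s.overlaps(net) for s, _ in parsed):
            report[text] = "partial"      # rule source is narrower than the subnet
        else:
            report[text] = "not translated"
    return report


if __name__ == "__main__":
    for subnet, status in audit(INTERNAL, RULES).items():
        print(f"{subnet:18} {status}")
```

With the constructed rule list, only 192.168.201.0/24 is reported as translated; the DMZ and the other four LANs need their own rules.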