 From:  Dirk Kreyenberg <dirk at abstauber dot net>
 To:  dave at rodrig dot com
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall Issues with subnets
 Date:  Thu, 08 Jan 2004 22:34:42 +0100
Thanks a lot!!
I also found a workaround by allowing private addresses at the WAN
interface and enabling NAT on the workgroup router (which was kinda slow
because everything was natted at m0n0 again).
So your solution is faster and way more secure :-)

btw. is there a way to get a kind of command shell at m0n0wall, it would
make my debugging a little bit more effective?

Thanks,
Dirk

 
On Thu, 2004-01-08 at 21:09, dave wrote:
> are you sure the packets are being blocked? it sounds to me that it's 
> more likely a NAT issue....
> 
> by default, m0n0wall NATs the LAN traffic with the WAN address when it 
> passes it out to the internet. the traffic being sourced from behind 
> that router won't be NATed unless you change the default configuration.
> 
> You'll have to do the following:
> 
> NAT --> Outbound --> Check "Enable Advanced Outbound NAT" --> Click 
> "Save" (which DISABLES the existing, default NAT setup)
> 
> Click "+" to add a new NAT rule.
> 
> Enter 192.168.201.0/24 into the "Internal Subnet" field.
> 
> Leave "External Subnet" set to any so that the NAT applies to any 
> destination (or restrict to specific networks if that's what you want, 
> but I suspect not).
> 
> Click "Save", then "Apply Changes".
> 
> You should be able to get out from that network now.
> 
> Repeat for the others, including the DMZ since we disabled it up above.
> 
> have fun
> dave
> 
> 
> 
> Dirk Kreyenberg wrote:
> > Hi there,
> > 
> > I'm encountering the problem that m0n0wall keeps ignoring me and my
> > commands (I'm running pb23r570 on a Soekris net4801 btw.) and I'm a
> > little confused about that. So it would be very nice if anyone could
> > help me out. 
> > 
> > My Network looks like the following:
> > 
> > WAN (PPPoE)---m0n0wall---DMZ 192.168.150.0/24--
> > --LANs:192.168.201.0/24 - 205.0/24
> > 
> > The LANs are connected to the DMZ via a multiport Router, its interface
> > to the DMZ has the IP 192.168.150.2.
> > With the standard FW-rules, only the DMZ is allowed to access the
> > internet (proto: *; source: LAN net; Port *; Dest *; Port *) 
> > So the m0n0wall box is blocking access requests from 201 to 205, while
> > everything from net 150 can access the WAN.
> > I now added following passing rule:
> > Proto: *; source: 192.168.201.0/24; Port: *; Dest *; Port *
> > Unfortunately the Firewall logs are then showing me, that all traffic
> > from 192.168.201.0 is still being blocked. 
> > This also happens if I try that with the other segments.
> > 
> > I have absolutely no clue why this is happening, so please can anyone
> > help?
> > 
> > Thanks,
> > Dirk
> > 
> > 
> > 
>