On 11/30/05, Mark Wass <mark dot wass at market dash analyst dot com> wrote:
> Sorry Chris, that was a question. Not a statement
Well, mine was a statement and a question at the same time. :)
Should have read "yes. Did you disable NAT?"
> Can I route these private subnets? Take a look at my original email and
> you'll see what I want to do :-)
Yeah, I missed the earlier part of this thread. Is it possible?
Yeah. Pretty? Absolutely not. But if you absolutely must set it up
1) Do the m0n0walls have default gateway entries? If so, what are
they? If you're just routing these private subnets, they aren't
required, but whether or not they're defined and what they're defined
as could have some impact.
2) As depicted in that diagram, the static route on m0n0wall #2 needs
to be on the WAN interface, not LAN as you showed (unless that was a
typo). m0n0 #2 may also need a route on the WAN to 192.168.100.0/24,
depending on the answer to the above.
3) I'd enable outbound NAT on both of them to completely disable NAT
(no rules at all), then I'd probably do a 1:1 mapping between a
192.168.22. IP and server 1's 192.168.3. IP, and add proxy ARP on that
.22. IP too. From there, as long as the proper firewall rules are in
place, everything should work.