 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall Routing and NAT Question
 Date:  Wed, 30 Nov 2005 17:39:14 -0500
On 11/30/05, Mark Wass <mark dot wass at market dash analyst dot com> wrote:
>  Sorry Chris, that was a question. Not a statement
>

Well, mine was a statement and a question at the same time.  :) 
Should have read "yes.  Did you disable NAT?"



>  Can I route these private subnets. Take a look at my original email and
> you'll see what I want to do :-)
>

Yeah, I missed the earlier part of this thread.  Is it possible?
Yeah.  Pretty?  Absolutely not.  But if you absolutely must set it up
this way...

1)  Do the m0n0walls have default gateway entries?  If so, what are
they?  If you're just routing these private subnets, they aren't
required, but whether or not they're defined and what they're defined
as could have some impact.
2)  As depicted in that diagram, the static route on m0n0wall #2 needs
to be on the WAN interface, not LAN as you showed (unless that was a
typo).  m0n0 #2 may also need a route on the WAN to 192.168.100.0/24,
depending on the answer to the above.
3)  I'd enable outbound NAT on both of them to completely disable NAT
(no rules at all), then I'd probably do a 1:1 mapping between a
192.168.22. IP and server 1's 192.168.3. IP, and add proxy ARP on that
.22. IP too.  From there, as long as the proper firewall rules are in
place, everything should work.

-Chris