Hi Chris
I'm stuck again, here's a refresher.
Server#1 192.168.3.20/24
|
|
|
|LAN IP 192.168.3.1/24
---------
monowall#1
---------
|WAN IP = 10.0.0.1/30
|
|
|
|
|WAN IP = 10.0.0.2/30
---------
monowall#2
---------
|OPT1 IP 192.168.22.1/24
|
|
|
|
|eth0 IP = 192.168.22.3/24
------------
Linux Router
------------
|eth1 IP = 192.168.100.1/24
|
|
|
Server#2 192.168.100.2/24
So far my routing allows me to ping from Server#1 all the way through to
192.168.22.3 (Linux Router).
Server#2 can ping all the way to 10.0.0.1 (monowall#1).
I'm getting stuck on the static routing, here's what I have:
Advanced outbound NAT turned on at both monowalls
monowall#1 default gateway is 10.0.0.2
monowall#2 default gateway is 10.0.0.1
Linux Router default gateway is 192.168.22.1 (Is this correct for
allowing Server#1 to connect to Server#2?)
STATIC ROUTES
=============

monowall#1
---------  ----------------  ------------
INTERFACE  NETWORK           GATEWAY
---------  ----------------  ------------
WAN        192.168.100.0/24  10.0.0.2
WAN        192.168.22.0/24   10.0.0.2

monowall#2
---------  ----------------  ------------
INTERFACE  NETWORK           GATEWAY
---------  ----------------  ------------
WAN        192.168.3.0/24    10.0.0.1
OPT1       192.168.100.0/24  192.168.22.3

Linux Router
---------  ----------------  ------------
INTERFACE  NETWORK           GATEWAY
---------  ----------------  ------------
no static routes added, default gateway is 192.168.22.1
------------------------------------------
I need to be able to ping from Server#1 to Server#2 and vice versa.
Where am I going wrong?
Chris Buechler wrote:
>On 11/30/05, Mark Wass <mark dot wass at market dash analyst dot com> wrote:
>
>> Sorry Chris, that was a question. Not a statement
>
>Well, mine was a statement and a question at the same time. :)
>Should have read "yes. Did you disable NAT?"
>
>> Can I route these private subnets. Take a look at my original email and
>>you'll see what I want to do :-)
>
>yeah, i missed the earlier part of this thread. Is it possible?
>Yeah. pretty? absolutely not. But if you absolutely must set it up
>this way...
>
>1) Do the m0n0walls have default gateway entries? if so, what are
>they? if you're just routing these private subnets, they aren't
>required, but whether or not they're defined and what they're defined
>as could have some impact.
>2) as depicted in that diagram, the static route on m0n0wall #2 needs
>to be on the WAN interface, not LAN as you showed (unless that was a
>typo). m0n0 #2 may also need a route on the WAN to 192.168.100.0/24,
>depending on the answer to the above.
>3) I'd enable outbound NAT on both of them to completely disable NAT
>(no rules at all), then I'd probably do a 1:1 mapping between a
>192.168.22. IP and server 1's 192.168.3. IP, and add proxy arp on that
>.22. IP too. From there, as long as the proper firewall rules are in
>place, everything should work.
>
>-Chris
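
An added example, not part of the original email: a hop-by-hop walk of the routing tables posted above using longest-prefix match, to check both directions between the servers. The servers' own default gateways (192.168.3.1 and 192.168.100.1) and the off-net test address 203.0.113.9 are assumptions; NAT and firewall rules are not modelled.

```python
import ipaddress

# Routing tables transcribed from the email. "direct" marks a connected subnet.
# Assumption (not stated in the email): each server's default gateway is its nearest router.
ROUTES = {
    "Server#1": [("192.168.3.0/24", "direct"), ("0.0.0.0/0", "192.168.3.1")],
    "monowall#1": [("192.168.3.0/24", "direct"), ("10.0.0.0/30", "direct"),
                   ("192.168.100.0/24", "10.0.0.2"), ("192.168.22.0/24", "10.0.0.2"),
                   ("0.0.0.0/0", "10.0.0.2")],
    "monowall#2": [("10.0.0.0/30", "direct"), ("192.168.22.0/24", "direct"),
                   ("192.168.3.0/24", "10.0.0.1"), ("192.168.100.0/24", "192.168.22.3"),
                   ("0.0.0.0/0", "10.0.0.1")],
    "Linux Router": [("192.168.22.0/24", "direct"), ("192.168.100.0/24", "direct"),
                     ("0.0.0.0/0", "192.168.22.1")],
    "Server#2": [("192.168.100.0/24", "direct"), ("0.0.0.0/0", "192.168.100.1")],
}
# Which device owns each interface address in the diagram.
OWNER = {"192.168.3.20": "Server#1", "192.168.3.1": "monowall#1", "10.0.0.1": "monowall#1",
         "10.0.0.2": "monowall#2", "192.168.22.1": "monowall#2", "192.168.22.3": "Linux Router",
         "192.168.100.1": "Linux Router", "192.168.100.2": "Server#2"}

def next_hop(device, dst):
    """Longest-prefix match over the device's table: gateway IP, 'direct' or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in ROUTES[device]:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def trace(src, dst, max_hops=8):
    """Devices a packet crosses from src to dst; ends in 'NO ROUTE' or 'LOOP' on failure."""
    device, path = OWNER[src], [OWNER[src]]
    for _ in range(max_hops):
        if OWNER.get(dst) == device:
            return path
        hop = next_hop(device, dst)
        if hop is None:
            return path + ["NO ROUTE"]
        device = OWNER.get(dst if hop == "direct" else hop)
        if device is None:
            return path + ["NO ROUTE"]
        path.append(device)
    return path + ["LOOP"]
```

Under these assumptions the tables resolve a path in both directions between Server#1 and Server#2, which leaves the NAT and firewall rules as the part this check does not cover. A destination outside the listed subnets ends in LOOP, because the two m0n0walls name each other as default gateway.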