 From:  Jonathan Karras <jkarras at karras dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Routed IP Block - Uses
 Date:  Sat, 07 Jan 2006 17:46:57 -0700
Bridging is unneeded. But I realized why you were having trouble with
the WAN address being seen instead of the /27 addresses.

The setup I described in a previous message will not work without one
more additional step. "Advanced Outbound NAT" needs to be configured.
Basically you don't want the VLAN interface IP addresses being NATed
behind the WAN address. M0n0wall automatically sets up a NAT rule for
each interface. To disable this, follow the directions below.

So in addition to the steps described earlier, check the box labeled
"Enable advanced outbound NAT" under the "Outbound" tab in the "NAT"
section.

After this is checked, NAT on the LAN and VLAN-tagged OPT interface
will not work until entries are added for them. This is because we told
M0n0wall we wanted to do NAT our own way. So an example of manual NAT
config with a LAN subnet of 192.168.2.x and a WAN address of
123.21.41.50 would look like this:

Interface: WAN
Source: 192.168.2.1/24
Destination: [ ] not (unchecked)
               Type: Any

Target:  Leave Blank
Description: NAT(PAT) for LAN

Repeat this for each private subnet which needs to be NATed behind the
WAN.

BTW, using 1:1 NAT with the same IP address on both sides, i.e.
Outside:192.168.1.5 Inside:192.168.1.5, could cause problems. Mainly
because Mono won't know what interface that IP address really belongs to.
This could be the cause of your earlier problems.

Jonathan

Aaron with Morad wrote:
>> Unless you turned NAT on for your /27 addresses they will be seen by
>>  their address and not the WAN
> 
> 
> Had to turn NAT on for that interface.  I can't bridge a VLAN on my 
> hardware - could be my onboard Realtek NICs or just m0n0 not working
> for bridging VLANs.
> 
> Aaron