 From:  mtnbkr <waa dash m0n0wall at revpol dot com>
 To:  Włodzimierz Frączek <wlodek at widar dot lublin dot pl>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Can't ping
 Date:  Fri, 24 Feb 2006 10:06:08 -0500
Włodzimierz Frączek wrote:
>> Włodzimierz Frączek wrote:
>>> Hello
>>> I try to use m0n0wall ver. 1.21 but have troubles at the beginning.
>>> My first m0n0 NIC ( LAN ) -
>>> I create VLAN ( parent interface - LAN ) and give address (
>>> OPT1 )
>>> Next I link my PC ( my address ) to LAN
>>> I can ping of course to LAN and after adding a trace to the routing
>>> table in my Windows to OPT1 too.
>>> But if I change my PC address to for example I can't ping
>>> anywhere ( OPT1, LAN )
>>> Please explain to me why?
>>> WF
>> Basic reason is that your PC has not been configured to understand/work
>> with 802.1q (VLANs).
>> Your m0n0wall's VLAN interface, listening on, will only
>> respond to packets that are tagged with 802.1q information for the VLAN
>> you have configured. Your computer is sending NON-802.1q tagged ethernet
>> frames, and as such your m0n0wall is seeing them on its LAN interface,
>> and is probably dropping them, or just allowing them to pass (default
>> m0n0wall LAN rule is to allow all)
> ----------------
> As I wrote I can ping to VLAN interface ( OPT1 ) under some circumstances :
> 1. My PC address :
> 2. My route table entry :
>   route add mask
> I understand that in this case my PC sends packets without 802.1q frame
> and nevertheless VLAN interface answers me.

That is correct - since your PC is connected to m0n0wall's LAN interface
and is on the same subnet as m0n0wall's LAN IP address, m0n0wall's
DEFAULT LAN rule "Allow any to any" allows your ICMP request into its
LAN interface and then forwards it to the IP address of its VLAN
interface on the network.

In other words, m0n0wall is allowing and then forwarding your ICMP
requests. That is why it works.

> By the way, if  I change one of my NIC card ( INTEL PRO/100 VE )
> property ( QoS packet tagging ) I still have the same problem.
> --------------------

In this case I am guessing that you probably have not created any rules
on the VLAN interface. So even if your PC is now properly tagging
packets for the correct VLAN that your m0n0wall has configured, no rule
has been added to allow those packets to pass and they will be dropped.

Click on RULES, then select the VLAN tab and add a rule to allow traffic
from the VLAN subnet.

Bill Arlofski
Reverse Polarity
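
Added example, not part of the original message or of m0n0wall: a short Python sketch of how an Ethernet frame is classified as untagged, priority-tagged (802.1Q tag with VLAN ID 0) or VLAN-tagged, and which of those a VLAN interface would receive. The VLAN ID 10, the MAC addresses and the helper names are assumptions made for illustration; the thread does not state them.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

def build_frame(vid=None, pcp=0):
    """Build a constructed sample frame; vid=None means no 802.1Q tag."""
    dst = bytes.fromhex("020000000001")   # constructed, locally administered MACs
    src = bytes.fromhex("020000000002")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", ETHERTYPE_IPV4) + b"\x00" * 46

def classify_frame(frame):
    """Return the tagging kind, VLAN ID and priority of an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return {"kind": "untagged", "vid": None, "pcp": None}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    vid = tci & 0x0FFF    # low 12 bits: VLAN ID
    pcp = tci >> 13       # high 3 bits: 802.1p priority
    # VLAN ID 0 carries priority only; it does not place the frame in a VLAN
    kind = "priority-tagged" if vid == 0 else "vlan-tagged"
    return {"kind": kind, "vid": vid, "pcp": pcp}

def vlan_interface_receives(frame, configured_vid):
    """True only when the frame carries a tag for the configured VLAN ID."""
    info = classify_frame(frame)
    return info["kind"] == "vlan-tagged" and info["vid"] == configured_vid

if __name__ == "__main__":
    samples = {
        "untagged": build_frame(),
        "priority only": build_frame(vid=0, pcp=5),
        "VLAN 10": build_frame(vid=10),
        "VLAN 20": build_frame(vid=20),
    }
    for name, frame in samples.items():
        print(name, classify_frame(frame), vlan_interface_receives(frame, 10))
```

Only the "VLAN 10" sample reaches the VLAN interface; after that, the firewall rules on that interface still decide whether the packet passes.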