RE: [m0n0wall] RE: 2nd (public) IP on the WAN interface?

From:	"Jeppe Oland" <uxorious at acon dot dezign dot dk>
To:	<m0n0wall at lists dot m0n0 dot ch>
Cc:	"'Jonathan Karras'" <jkarras at karras dot net>
Subject:	RE: [m0n0wall] RE: 2nd (public) IP on the WAN interface?
Date:	Sun, 5 Mar 2006 11:34:55 -0800

> Your problem is interesting because I can access my Cable 
> Modem IP address of 192.168.100.1 from inside the LAN on my 
> M0n0wall. I currently have the "Block private networks" rule 
> turned on and it works fine. I did nothing special to get 
> this to work.

Eeeh I thought the point of that checkbox was that when it is checked, no
traffic for private networks will be let through the firewall....

> Are you using the correct address for your cable modem. Most 
> of the modems I have seen use 192.168.100.1 not 192.168.0.1.

Not cable - DSL.
And yeah it's on 192.168.0.1. If I wire my computer straight to the modem
and use a static IP on that subnet I can reach it just fine.

Again, it's a routing problem.
If I traceroute to 192.168.0.1, I get the following:

Tracing route to 192.168.0.1 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  firewall.x.x [192.168.1.1]
  2    11 ms    11 ms     9 ms  GW-of-my-ISP [x.x.x.x]
  3     *        *        *

The problem is that the m0n0 WAN interface only has one IP - the one my ISP
gives out.
Since it's not on 192.168.0.x, it asks its default GW - the ISP one, and
they don't route back to local networks.

Regards,
-Jeppe