Hello,

As you have real IPs, you need to enable 'Advanced Outbound NAT'. This will effectively disable NAT and allow the m0n0wall to correctly route the public IPs.

The WAN device (120.20.232.1 in your example) needs to have a route for the 120.20.130.160/27 subnet with 120.20.233.181 as the gateway. If the device is provided by your ISP, they may need to do this for you.

Alternately, you may have some success with proxy ARPing. Try adding proxy ARP entries for your LAN addresses/subnet. This may remove the need for a route to be put on the WAN device (120.20.232.1).

I don't believe that bridging is what you need, as you have two distinct subnets. Bridging is normally used when you only have one subnet and you don't want to split it further (as with a /29).

Regards,
Kris.

----- Original Message -----
From: "Grant Robinson" <jgrantr at gmail dot com>
To: "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
Sent: Monday, May 08, 2006 7:38 PM
Subject: [m0n0wall] Public LAN IP's with WAN IP on a different subnet

So, after searching the mailing list archives, reading the FAQs and doing a bunch of experimenting, I still cannot get my particular setup to work, and the things I have read don't really apply.

Here is the setup (IP addresses are not the real ones, but are for example):

WAN IP address: 120.20.233.181/23 (statically assigned)
WAN Gateway: 120.20.232.1
LAN: 120.20.130.160/27 (32 IP addresses, 30 usable, all public)
LAN IP address: 120.20.130.161 (m0n0wall LAN port)

So, basically this is a /27 subnet that is being routed to the WAN IP address. I can ping the WAN IP address just fine from anywhere, but I cannot ping the LAN IP address (the m0n0wall IP address) from the outside world. I can ping the boxes on the LAN subnet from the m0n0wall box, and the boxes on the LAN subnet can ping the LAN IP address of the m0n0wall box, but nothing outside of the subnet. I am sure there is some sort of routing problem, but I have been unable to figure out what it is.

This is what I have done:

* enabled "Advanced Outbound NAT"
* added firewall rules to allow inbound and outbound packets for the LAN subnet

What I have not tried is the bridging, but it sounds like one side of the bridge needs to not have an IP address, which is not really what I am looking for here.

I can also post my config if it's needed. My questions would be:

1) Can m0n0wall be configured to handle this type of network?
2) If yes, what am I missing?

Any help would be much appreciated.

--
Grant Robinson
jgrantr at gmail dot com
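
Added example (not part of the original thread): a small model of the WAN device's forwarding decision, showing why the /27 needs a static route via the m0n0wall WAN IP. The addresses are the example values from the thread; the routing table contents and the "isp-upstream" default-route label are constructed assumptions.

```python
import ipaddress

# Example addresses from the thread; the upstream table itself is constructed.
M0N0_WAN = ipaddress.ip_address("120.20.233.181")
LAN_NET = ipaddress.ip_network("120.20.130.160/27")
ON_LINK = "on-link"


def base_table():
    """Constructed routing table for the WAN device (120.20.232.1)."""
    return [
        {"net": ipaddress.ip_network("120.20.232.0/23"), "via": ON_LINK},
        # Hypothetical label standing in for the ISP's own default route.
        {"net": ipaddress.ip_network("0.0.0.0/0"), "via": "isp-upstream"},
    ]


def add_static_route(table, net, via):
    """Add a static route; the gateway must sit on a directly connected net."""
    via = ipaddress.ip_address(via)
    if not any(r["via"] == ON_LINK and via in r["net"] for r in table):
        raise ValueError(f"gateway {via} is not on a connected network")
    table.append({"net": ipaddress.ip_network(net), "via": via})


def next_hop(table, dst):
    """Longest-prefix match, as a router does for each forwarded packet."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: r["net"].prefixlen)["via"]


def misrouted(table):
    """LAN addresses the WAN device does not hand to the m0n0wall WAN IP."""
    return [str(h) for h in LAN_NET.hosts() if next_hop(table, h) != M0N0_WAN]


if __name__ == "__main__":
    table = base_table()
    print("before:", len(misrouted(table)), "LAN hosts not sent to m0n0wall")
    add_static_route(table, "120.20.130.160/27", "120.20.233.181")
    print("after: ", len(misrouted(table)), "LAN hosts not sent to m0n0wall")
    print("120.20.130.161 ->", next_hop(table, "120.20.130.161"))
```

The gateway check in add_static_route reflects that the route has to point at the m0n0wall's WAN address, which is the only m0n0wall address the WAN device can reach directly.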