As you have real IP you need to enable 'Advanced Outbound NAT'. This will
effectively disable NAT and allow the m0n0wall to correctly route the public
The WAN device (220.127.116.11 in your example) needs to have a route for the
18.104.22.168/27 subnet with 22.214.171.124 as the gateway. If the device
is provided by your ISP they may need to do this for you.
Alternately, you may have some success with proxy ARPing. Try adding proxy
ARP entries in for your LAN addresses/subnet. This may remove the need for a
route to be put on the WAN device (126.96.36.199).
I don't believe that bridging is what you need as you have two distinct
subnets. Bridging is normally used when you only have one subnet and you
don't want to split it further (as with a /29).
----- Original Message -----
From: "Grant Robinson" <jgrantr at gmail dot com>
To: "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
Sent: Monday, May 08, 2006 7:38 PM
Subject: [m0n0wall] Public LAN IP's with WAN IP on a different subnet
So, after searching the mailing list archives, reading the FAQ's and
doing a bunch of experimenting, I still cannot get my particular setup
to work, and the things I have read don't really apply.
Here is the setup: (ip addresses are not the real ones, but are for example)
WAN IP address: 188.8.131.52/23 (statically assigned)
WAN Gateway: 184.108.40.206
LAN: 220.127.116.11/27 (32 ip addresses, 30 usable, all public)
LAN IP address: 18.104.22.168 (m0n0wall LAN port)
So, basically this is a /27 subnet that is being routed to the WAN IP
address. I can ping the WAN IP address just fine from anywhere, but I
cannot ping the LAN IP address (the m0n0wall IP address) from the
outside world. I can ping the boxes on the LAN subnet from the
m0n0wall box, and the boxes on the LAN subnet can ping the LAN IP
address of the m0n0wall box, but nothing outside of the subnet.
I am sure there is some sort of routing problem, but I have been
unable to figure out what it is. This is what I have done:
* enabled "Advanced Outbound NAT"
* added firewall rules to allow inbound and outbound packets for the LAN
What I have not tried is the bridging, but it sounds like one side of
the bridge needs to not have an IP address, which is not really what I
am looking for here.
I can also post my config if it's needed.
My questions would be:
1) Can m0n0wall be configured to handle this type of network
2) If yes, what am I missing?
Any help would be much appreciated.
jgrantr at gmail dot com
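
The routing point made in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup on the upstream (WAN) device's table, with and without a static route for the LAN /27 via the m0n0wall WAN address. All addresses are constructed samples from the 198.18.0.0/15 benchmark range, and the upstream device's default route toward the ISP is an assumption.

```python
import ipaddress

# Constructed sample addressing (198.18.0.0/15 benchmark range), not the poster's.
WAN_NET = ipaddress.ip_network("198.18.0.0/23")    # segment shared by upstream device and m0n0wall
M0N0_WAN_IP = "198.18.0.10"                        # m0n0wall WAN address
LAN_NET = ipaddress.ip_network("198.18.8.32/27")   # public /27 behind the m0n0wall
M0N0_LAN_IP = "198.18.8.33"                        # m0n0wall LAN address
LAN_HOST = "198.18.8.40"                           # a host on the LAN


def upstream_routes(with_static_route):
    """Routing table of the hypothetical upstream (WAN) device."""
    routes = [
        (WAN_NET, "on-link"),                               # directly connected
        (ipaddress.ip_network("0.0.0.0/0"), "isp-uplink"),  # assumed default route
    ]
    if with_static_route:
        # The route the reply asks for: LAN /27 via the m0n0wall WAN IP.
        routes.append((LAN_NET, M0N0_WAN_IP))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match: next hop for dst, or None if unroutable."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def report(with_static_route):
    """Next hop chosen by the upstream device for each test destination."""
    routes = upstream_routes(with_static_route)
    return {dst: next_hop(routes, dst)
            for dst in (M0N0_WAN_IP, M0N0_LAN_IP, LAN_HOST)}


if __name__ == "__main__":
    for flag in (False, True):
        print("static route present:", flag)
        for dst, hop in report(flag).items():
            print(f"  {dst:<14} -> {hop}")
```

Without the static route the WAN address resolves on-link while the LAN addresses fall through to the default route, which matches the symptom in the original message: the WAN IP answers pings from outside and the LAN IP does not.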