|
||||||||
Hello, I think it might be time to start sniffing the traffic on the wire on the WAN side of the m0n0wall. Getting public IPs working when you have both WAN and LAN subnets is normally very easy so something in my view something is wonky with the routing to your m0n0wall. Have you been able to do a traceroute from another host on the Internet to confirm that the LAN IPs get routed as far as your WAN? Kris. ----- Original Message ----- From: "Grant Robinson" <jgrantr at gmail dot com> To: <m0n0wall at lists dot m0n0 dot ch> Sent: Monday, May 08, 2006 10:10 PM Subject: Re: [m0n0wall] Public LAN IP's with WAN IP on a different subnet On 5/8/06, Kristian Shaw <monowall at wealdclose dot co dot uk> wrote: > Hello, > > As you have real IP you need to enable 'Advanced Outbound NAT'. This will > effectively disable NAT and allow the m0n0wall to correctly route the > public > IPs. I have already done that, and it still does not work. > > The WAN device (120.20.232.1 in your example) needs to have a route for > the > 120.20.130.160/27 subnet with 120.20.233.181 as the gateway. If the device > is provided by your ISP they may need to do this for you. The ISP is already routing the 120.20.130.160/27 subnet to my WAN IP address. > > Alternately, you may have some success with proxy ARPing. Try adding proxy > ARP entries in for your LAN addresses/subnet. This may remove the need for > a > route to be put on the WAN device (120.20.232.1). I have confirmed with the ISP that proxy ARP is not needed. I have tried it with proxy ARP turned on and turned off, and it doesn't work either way. -- Grant Robinson jgrantr at gmail dot com --------------------------------------------------------------------- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch |