 From:  "Klaus Stock" <ks at stock dash consulting dot com>
 To:  Christian Graffeuille <frachg at yahoo dot fr>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall and ADSL router: all traffic is blocked
 Date:  Tue, 20 Jun 2006 12:26:43 +0200
Check if the PCs have the correct IP addresses (note that a machine may have
more than one IP address).

Do you have any other network connections not pictured in your diagram? Such
as WLAN?

- Klaus

> Hi,
>    
>   I have the following 3-NIC setup:
>    
>    
>   (Internet)    
>      |  
>        |
> (WAN: Dynamic Public IP)    
>    Dynalink RTA300 ADSL router, NAT, DNS proxy
> (LAN: 192.168.0.1/22)
>      |
>      |
> (WAN: 192.168.0.2/27  GW: 192.168.0.1)
>     m0n0wall 192.168.1.2 (LAN IP addy on the console)
> (LAN: 192.168.1.2/24) (DMZ 192.168.2.34/29)
>      |                      |  
>      |                      |
> (PCs: 192.168.1.1/22)  (DMZ: 192.168.2.35/22)
>    
>    
>   Firewall rules
>   green arrow *   *   *   *   *  for all three LAN WAN OPT1 tabs
>   
>  
>    
>   the /22 subnet mask (255.255.252.0) is there so that PCs, router and DMZ see
> each other as part of the LAN. Because m0n0wall has narrower subnets defined,
> each subnet is separate as far as it is concerned (if I understand correctly),
> right?
>    
>   /22 may not be useful when m0n0wall runs, but comes in handy when it is removed
> (as I plug and unplug a lot lately, since nothing works...).
> 
> The problem is that nothing goes thru m0n0wall.
>   
> I can ping the DMZ box and the PC (500 ms!) from m0n0wall, but not the router.
> When m0n0wall is in the way, PCs, DMZ box and router can no longer see each
> other.
>    
>   
> the m0n0wall system log has this message
>    
>   kernel: arp: 192.168.0.1 is on ed1 but got reply from 00:90:96:48:d4:11 on xl0
>    
>   where xl0 is lan and ed1 is wan. not sure what to make of it. the router is
> not connected to the lan NIC.
> 
>    
>   That's all I can think of. I have learnt a lot lately, but there are
> obviously still huge gaps in my understanding of the app.
>    
>    
>   A similar issue was discussed 2 years ago at 
>   http://m0n0.ch/wall/list/showmsg.php?id=71/12
>   but it is of no use to me.
>    
>   So if a good samaritan feels like untangling this mess for me, I'll be very
> grateful. Once traffic goes thru, I am confident (yes! :o) I can play with the
> rest of the config. But for now, I obviously am missing something big.
>   
> 
> Thanks for your help, Christian
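
Added example, not part of either message: a Python check of the address plan in the quoted diagram, listing which devices would treat an address on another segment as on-link and ARP for it directly instead of sending it via m0n0wall. Node names, segment labels and the narrower-mask comparison plan are assumptions made for this illustration.

```python
import ipaddress

# Addresses and masks copied from the diagram in the quoted message.
# Node names and segment labels ("uplink", "lan", "dmz") are made up here.
PLAN = {
    "router LAN":   ("192.168.0.1/22",  "uplink"),
    "m0n0wall WAN": ("192.168.0.2/27",  "uplink"),
    "m0n0wall LAN": ("192.168.1.2/24",  "lan"),
    "m0n0wall DMZ": ("192.168.2.34/29", "dmz"),
    "PC":           ("192.168.1.1/22",  "lan"),
    "DMZ host":     ("192.168.2.35/22", "dmz"),
}

# Assumption for comparison only: each device uses the mask of the m0n0wall
# interface on its own segment. The thread does not prescribe these values.
NARROW = {
    **PLAN,
    "router LAN": ("192.168.0.1/27",  "uplink"),
    "PC":         ("192.168.1.1/24",  "lan"),
    "DMZ host":   ("192.168.2.35/29", "dmz"),
}


def direct_arp_pairs(plan):
    """Return (src, dst) pairs where src's mask makes dst look on-link, so src
    ARPs for dst instead of using a gateway, yet dst is on another segment."""
    nodes = {name: (ipaddress.ip_interface(addr), seg)
             for name, (addr, seg) in plan.items()}
    pairs = []
    for src, (src_if, src_seg) in nodes.items():
        for dst, (dst_if, dst_seg) in nodes.items():
            if src_seg != dst_seg and dst_if.ip in src_if.network:
                pairs.append((src, dst))
    return pairs


if __name__ == "__main__":
    for label, plan in (("as posted", PLAN), ("narrow masks", NARROW)):
        pairs = direct_arp_pairs(plan)
        print(f"{label}: {len(pairs)} cross-segment on-link pairs")
        for src, dst in pairs:
            print(f"  {src} ({plan[src][0]}) would ARP directly for "
                  f"{dst} ({plan[dst][0].split('/')[0]})")
```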