On 6/20/06, Christian Graffeuille <frachg at yahoo dot fr> wrote:
>
>
> (Internet)
> |
> |
> (WAN: Dynamic Public IP)
> Dynalink RTA300 ADSL router, NAT, DNS proxy
> (LAN: 192.168.0.1/22)
> |
> |
> (WAN: 192.168.0.2/27 GW: 192.168.0.1)

Here's one issue. You can't mix and match subnets like this. The LAN of your ADSL and the WAN of your m0n0wall need to be on the same subnet, and it shouldn't include all the networks behind m0n0wall.

I'd leave the ADSL LAN as the same IP it is now, but change it to a /30 subnet mask. Then change m0n0wall's WAN to a /30 as well, leaving the rest on the WAN the same. Then disable NAT in m0n0wall (see FAQ), add firewall rules on every interface permitting anything to anything (temporary for testing purposes) and add static routes to your ADSL router to point 192.168.1.0/24 and 192.168.2.0/24 to 192.168.0.2 (m0n0wall WAN).

> (LAN: 192.168.1.2/24)      (DMZ 192.168.2.34/29)
>          |                          |
>          |                          |
> (PCs: 192.168.1.1/22)      (DMZ: 192.168.2.35/22)
>

Here you're mixing and matching subnet masks again. The PCs and DMZ machines need to be the same as the corresponding m0n0wall interface.

-Chris
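The two addressing rules in this reply can be checked mechanically before touching either device. The following is an added example, not part of the original post: the function name and link labels are hypothetical, the addresses come from the quoted diagram, and `FIXED` assumes the /30 change plus hosts matching their m0n0wall interface masks.

```python
import ipaddress

def audit_topology(links, transit_link, routed_behind):
    """Return a sorted list of (link, problem) tuples.

    links: {link name: {device: "address/prefix"}} for interfaces on one wire.
    transit_link: the link between the ADSL router and the firewall.
    routed_behind: networks reached by static route through the firewall.
    """
    findings = set()
    for name, ifaces in links.items():
        nets = {ipaddress.ip_interface(a).network for a in ifaces.values()}
        if len(nets) > 1:  # devices on one wire disagree about the subnet
            findings.add((name, "mask mismatch"))
    for addr in links[transit_link].values():
        net = ipaddress.ip_interface(addr).network
        for routed in routed_behind:
            # A transit subnet that contains a routed network is treated as
            # on-link, so the static route for that network is never used.
            if net.overlaps(ipaddress.ip_network(routed)):
                findings.add((transit_link, f"{net} overlaps routed {routed}"))
    return sorted(findings)

# Networks to be statically routed to the m0n0wall WAN address.
ROUTED = ["192.168.1.0/24", "192.168.2.0/24"]

# Addressing as posted in the quoted diagram.
ORIGINAL = {
    "adsl-m0n0wall": {"adsl_lan": "192.168.0.1/22", "m0n0_wan": "192.168.0.2/27"},
    "lan": {"m0n0_lan": "192.168.1.2/24", "pc": "192.168.1.1/22"},
    "dmz": {"m0n0_dmz": "192.168.2.34/29", "dmz_host": "192.168.2.35/22"},
}

# Addressing after the changes suggested in the reply (constructed here).
FIXED = {
    "adsl-m0n0wall": {"adsl_lan": "192.168.0.1/30", "m0n0_wan": "192.168.0.2/30"},
    "lan": {"m0n0_lan": "192.168.1.2/24", "pc": "192.168.1.1/24"},
    "dmz": {"m0n0_dmz": "192.168.2.34/29", "dmz_host": "192.168.2.35/29"},
}

if __name__ == "__main__":
    for label, topo in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, audit_topology(topo, "adsl-m0n0wall", ROUTED))
```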