 
 From:  "Mark Jawdoszak" <MarkJ at logsysgroup dot com>
 To:  "Don Munyak" <don dot munyak at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: m0n0wall behind m0n0wall
 Date:  Wed, 16 Aug 2006 09:31:54 +0100
My suggestion WAS going to be, try the whole configuration using DHCP,
as that's what has worked for us in the past.

We've also had similar problems when setting static IPs on the WAN
interface.  A couple of things that we've done and have in place, that MAY
help:
- Check "block private networks" is unchecked - you've already done this, but
  I'll leave it in my 'check-list'
- Check your gateway IP
- You're also going to need NATs (or at least, that's my suggestion :P).
  What's worked for us is setting up 1:1 NAT'ing for each IP (we haven't
  managed to get any of the NAT ranges to work, so we just fall back on
  this method).  E.g.: "WAN 192.168.1.1/32 192.168.1.1/32 Test IP" where
  each part is in this order: Interface, External IP, Internal IP,
  Description.

Hope some of this helps, and again I apologise if you've already tried
this, or none of it works etc etc.

Mark Jawdoszak
markj at logsysgroup dot com

-----Original Message-----
From: Don Munyak [mailto:don dot munyak at gmail dot com] 
Sent: 14 August 2006 22:16
To: m0n0wall at lists dot m0n0 dot ch
Subject: m0n0wall behind m0n0wall

m0n0wall behind m0n0wall

I have a test network setup within our LAN.
the core firewall/gateway is m0n0(1)
the test network has a second router, m0n0(2)

ISP---m0n0(1)---LAN---m0n0(2)---TEST LAN

m0n0(1) LAN nic/gateway is 192.168.222.1

m0n0(2) WAN nic is 192.168.222.99
m0n0(2) LAN nic is 192.168.18.1
m0n0(2) DNS points to a DNS server in 192.168.222.0 network
m0n0(2) has block private IP's DISABLED (not checked)

No static routes have been assigned in either box.

With this configuration I can not get past the wan IP for m0n0(2),
outbound from TEST LAN.

If I remove the static IP on m0n0(2) and make DHCP, everything works
fine.
We have a DHCP server on the LAN network.

-- What I am trying to accomplish....

The equipment on the TEST LAN network behind the second m0n0wall(2)
has equipment we will be moving to a data center. I want to access the
servers in the TEST LAN (192.168.18.0) from the primary LAN network
(192.168.222.0)
I would like to configure m0n0(2) with a static WAN IP, so that I can
create rules in the firewall for necessary services to be hosted in
the real world.

