 From:  Dany Nativel <dany underscore list at natzo dot com>
 To:  Adam Nellemann <adam at nellemann dot nu>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Bridging without bridge?
 Date:  Wed, 28 Jan 2004 15:06:30 -0500
Using PPTP I was able to secure my WLAN connection using OPT1 (external 
Access Point). The OPT1 is on a 10.112.x.x subnet.
As soon as the user authenticates, he gets a virtual IP address within 
the LAN subnet so I don't have to set up any static route. The only rules 
I used are:
--> for OPT1 :
GRE * * * *
TCP * * * 1723

--> for PPTP
* * * * *

I'm not sure if that answers your question but I thought it was 
interesting to share. Anyway, below you'll also find more about this 
configuration.

INTERFACES
LAN : 192.168.0.10/24
WAN : DHCP
OPT1 : bridge:none
             ip address : 10.112.0.1/24

RULES
PPTP clients
* * * * *

OPT1 interface
GRE * * * *
TCP * * * 1723

LAN 
* * * * *

SERVICES :  DHCP
-   LAN    192.168.0.1 to 192.168.0.9
-   OPT1  10.112.0.2 to 10.112.0.10

VPN : PPTP
Enable : yes
Server address : 192.168.0.200
Remote address range : 192.168.0.208

VPN: PPTP: User
....



Adam Nellemann wrote:

>Hi,
>
>I need to be able to pass packets between my LAN and my OPT1 (WiFi)
>interfaces. While I know this can be done by bridging the OPT1 to the
>LAN, I would prefer not to have the same subnet on the two interfaces.
>
>Am I wrong in assuming that it should be possible, either by the right
>set of rules, or with static routes, to accomplish this?
>
>It seems to work for my brother on his 4501, but my generic-PC won't let
>ANY packages through from my WiFi to my LAN or vice versa?
>
>I have rules to pass any on LAN -> any and any on OPT1 -> any. (would
>like to restrict this a bit, but for now I use these very open rules to
>ensure it isn't the rules being too strict that cause the problems. I've
>even tried setting the source to any as well, but the above rules work
>for my brother.)
>
>No matter what your suggestions are, I'd like some info about static
>routes anyway:
>
>Sometimes, as I've experimented with these, I succeed in getting
>m0n0wall to stop responding. Usually a manual reboot will cure this. Is
>this due to me accidentally setting up some kind of "bad" static route
>(ie causing some kind of loop) or is this a bug in m0n0wall? (If not a
>bug, could you provide a, very short, tutorial as to how a typical
>static route between two interfaces/subnets will look?)
>
>
>Thanks,
>
>Adam Nellemann.
>
>
>P.S. Once again, I hope I've not missed a previous post on this topic. I
>was at a loss regarding what to search for? Also, how does one see the
>thread replies in the archive?
>
>
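
Added example (not part of the original message and not m0n0wall code): a small Python model of the rule set and address plan posted above, showing that hosts on OPT1 can reach only PPTP (TCP 1723 and GRE) until they authenticate. It assumes first-match pass rules with everything else dropped and covers only the user-defined rules; the function names and sample packets are constructed for illustration.

```python
import ipaddress

# User-defined pass rules from the post, reduced to (protocol, destination port).
# The source and destination address columns are "*" in every rule, so they are omitted.
RULES = {
    "OPT1": [("GRE", "*"), ("TCP", 1723)],
    "PPTP": [("*", "*")],
    "LAN":  [("*", "*")],
}

# Address plan from the post.
LAN_IF = ipaddress.ip_interface("192.168.0.10/24")
OPT1_IF = ipaddress.ip_interface("10.112.0.1/24")
PPTP_SERVER = ipaddress.ip_address("192.168.0.200")
PPTP_REMOTE_START = ipaddress.ip_address("192.168.0.208")
LAN_DHCP = (ipaddress.ip_address("192.168.0.1"), ipaddress.ip_address("192.168.0.9"))


def allowed(iface, proto, dst_port=None):
    """Return True if a pass rule on iface matches; no match means dropped (assumed default deny)."""
    for rule_proto, rule_port in RULES.get(iface, []):
        if rule_proto in ("*", proto) and rule_port in ("*", dst_port):
            return True
    return False


def address_plan_problems():
    """Check that the PPTP addresses sit in the LAN subnet without colliding with anything."""
    problems = []
    if LAN_IF.network.overlaps(OPT1_IF.network):
        problems.append("LAN and OPT1 subnets overlap")
    for name, addr in (("PPTP server", PPTP_SERVER), ("PPTP remote start", PPTP_REMOTE_START)):
        if addr not in LAN_IF.network:
            problems.append(f"{name} {addr} is outside the LAN subnet")
        if LAN_DHCP[0] <= addr <= LAN_DHCP[1]:
            problems.append(f"{name} {addr} is inside the LAN DHCP pool")
        if addr == LAN_IF.ip:
            problems.append(f"{name} {addr} equals the LAN interface address")
    return problems


if __name__ == "__main__":
    # Constructed sample packets: (arrival interface, protocol, destination port).
    samples = [("OPT1", "TCP", 1723), ("OPT1", "GRE", None), ("OPT1", "TCP", 445),
               ("OPT1", "ICMP", None), ("PPTP", "TCP", 445)]
    for iface, proto, port in samples:
        verdict = "pass" if allowed(iface, proto, port) else "block"
        print(f"{iface:5} {proto:4} {port!s:5} -> {verdict}")
    print("address plan problems:", address_plan_problems() or "none")
```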