 From:  "Roland Giesler" <roland at giesler dot za dot net>
 To:  "Monowall List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Accessing optional network from LAN
 Date:  Wed, 13 Dec 2006 11:14:48 +0200
When one has set up an optional interface (OPT) (either with a
Captive Portal or without) I run into a problem.  While there are many
articles on the web that describe how to set up a DMZ and specifically
how to prevent or allow the OPT client from accessing the LAN IP
address, none can be found that explain how to do the opposite.

I would like to / need to have access to the networks that connect via
OPT to the firewall from the LAN.  I have played with all sorts of
rules, but none seem to be able to allow me to ping (for example) even
the next hop on the OPT connection.

   L
   A
   N
   |
   |
[M0N0WALL]---[OPT]----[various wifi AP's]
   |
   |
   W
   A
   N

I have set up 10.10.10.1 as the address of the OPT interface and the
connected wifi AP is 10.10.10.2

Do I have to set up a static route to be able to access 10.10.10.2 or
is there some other method that allows this?

From the firewall I can ping 10.10.10.1 and 10.10.10.2, but not from the LAN.

Help would be much appreciated.

-- 
Roland Giesler
Green Tree Systems cc
Stellenbosch, South Africa
+27 (0)72-450-2817
http://www.thegreentree.za.net

Order free-range lamb now at http://www.meat.za.net