[ previous ] [ next ] [ threads ]
 From:  Christoph Hanle <christoph dot hanle at leinpfad dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Routing between LAN and OPT1
 Date:  Sat, 6 Jan 2007 10:11:35 +0100 (MET)
Daniel Davis wrote:
> Hi,
> I am having an issue routing between my LAN2 and OPT2. The network is
> set up as such:
> WAN1                                             WAN2
>  |                                                 |
>  |                                                 |
> m0n01 ----- LAN1 ----- (SWITCH) ----- OPT2 ----- m0n01
>  |                                                 |
>  |                                                 |
> OPT1                                              LAN2
> There are two m0n0wall boxes (m0n01 and m0n02) each with three interfaces.
> I need to keep LAN2 protected from LAN1 but I need access to LAN1 from
> LAN2.
> OPT1 - Is on (OPT1 IP
> LAN1 - Is on (LAN1 IP
> LAN2 - Is on (LAN2 IP
> OPT2 - Has address
> If I set up all the firewall rules to allow access from LAN1 to LAN2
> (with a static route on m0n01 that points requests to
> I can ping everything on LAN2 from LAN1 but I can't ping
> anything on LAN1 (Other than the OPT2 interface address:
> from LAN2.
> [..]
I have a simillar network sucessfull running, but had the same problems.
You have to add a static route on every client inside LAN1 that points requests to you also have to disable the
disatrous "Block private networks" and build your own rules in the right
figure out the way of traffic between LAN1 and LAN2:
1.1. request from LAN2: LAN2->>LAN1
1.2. answer: LAN1-> -> LAN2
1.3. both ways are the same, also is LAN2 to LAN1 possible.
2.1. request from LAN1: LAN1->> -> LAN2
2.2 answer: LAN2->>LAN1
2.3 no correct traffic possible, because of missmatch of the routes.

I have not figured out if this is a generally routing problem or a
m0n0wall specific one, or if there are other possible solutions for
solving the problem.