There must be a simpler way than adding a static route on every client
on LAN1. Since the originating packets are being routed to LAN1 via OPT1
(192.168.1.4) the return path should be via OPT1 (assuming the packets
are being routed properly) so each client shouldn't need to be given a
static route. Even if the clients don't know the return path, the
packets should be passed to the router (m0n01) that knows where to send
packets to reach LAN2 (by static route).
Does anyone have any answers? (I have some 100 clients on LAN1 and don't
want to add static routes to each one)
Christoph Hanle wrote:
> Daniel Davis wrote:
>> I am having an issue routing between my LAN2 and OPT2. The network is
>> set up as such:
>> WAN1                                             WAN2
>>   |                                                |
>>   |                                                |
>> m0n01 ----- LAN1 ----- (SWITCH) ----- OPT2 ----- m0n02
>>   |                                                |
>>   |                                                |
>> OPT1                                             LAN2
>> There are two m0n0wall boxes (m0n01 and m0n02) each with three interfaces.
>> I need to keep LAN2 protected from LAN1 but I need access to LAN1 from
>> OPT1 - Is on 192.168.2.0/24 (OPT1 IP 192.168.2.254)
>> LAN1 - Is on 192.168.1.0/24 (LAN1 IP 192.168.1.254)
>> LAN2 - Is on 192.168.0.0/24 (LAN2 IP 192.168.0.1)
>> OPT2 - Has address 192.168.1.4
>> If I set up all the firewall rules to allow access from LAN1 to LAN2
>> (with a static route on m0n01 that points 192.168.0.0/24 requests to
>> 192.168.1.4) I can ping everything on LAN2 from LAN1 but I can't ping
>> anything on LAN1 (Other than the OPT2 interface address: 192.168.1.4)
>> from LAN2.
> I have a similar network successfully running, but had the same problems.
> You have to add a static route on every client inside LAN1 that points
> 192.168.0.0/24 requests to 192.168.1.4. You also have to disable the
> disastrous "Block private networks" and build your own rules in the right
> figure out the way of traffic between LAN1 and LAN2:
> 1.1. request from LAN2: LAN2 -> 192.168.0.1:(nat)192.168.1.4 -> LAN1
> 1.2. answer: LAN1 -> 192.168.1.4:(nat)192.168.0.1 -> LAN2
> 1.3. both ways are the same, so LAN2 to LAN1 is possible.
> 2.1. request from LAN1: LAN1 -> 192.168.1.254 -> 192.168.1.4:(nat)192.168.0.1 -> LAN2
> 2.2. answer: LAN2 -> 192.168.0.1:(nat)192.168.1.4 -> LAN1
> 2.3. no correct traffic possible, because of the mismatch of the routes.
> I have not figured out if this is a generally routing problem or a
> m0n0wall specific one, or if there are other possible solutions for
> solving the problem.
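A small check of the "mismatch of the routes" point. This is an added example, not code from the thread or from m0n0wall: a Python model of the two boxes using the addresses given in the thread (m0n01 LAN1 192.168.1.254, m0n02 OPT2 192.168.1.4, m0n02 LAN2 192.168.0.1, and the static route 192.168.0.0/24 -> 192.168.1.4 on m0n01), two made-up hosts (192.168.1.10 on LAN1, 192.168.0.10 on LAN2), and the assumption that m0n02 does outbound NAT on OPT2, which is what the "(nat)" in Christoph's diagram suggests. It traces request and reply hop by hop and reports whether the reply retraces the request, which is what a stateful filter needs in order to see both halves of a connection.

```python
"""Path-symmetry check for the two-m0n0wall layout in this thread.

Added example; not code from the thread or from m0n0wall. Hosts
192.168.1.10 (LAN1) and 192.168.0.10 (LAN2) are constructed; outbound
NAT on m0n02's OPT2 is an assumption taken from the "(nat)" notation.
"""
from ipaddress import ip_address, ip_network

# Constructed topology: node -> {network: address of its interface on it}
NODES = {
    "host1": {"192.168.1.0/24": "192.168.1.10"},
    "host2": {"192.168.0.0/24": "192.168.0.10"},
    "m0n01": {"192.168.1.0/24": "192.168.1.254", "192.168.2.0/24": "192.168.2.254"},
    "m0n02": {"192.168.1.0/24": "192.168.1.4", "192.168.0.0/24": "192.168.0.1"},
}

# Assumption: m0n02 masquerades LAN2 sources as 192.168.1.4 when sending out OPT2.
SNAT = {"m0n02": ("192.168.1.0/24", "192.168.1.4")}


def base_routes():
    """Routing tables as the thread describes them: (prefix, gateway); None = on-link."""
    return {
        "host1": [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.254")],
        "host2": [("192.168.0.0/24", None), ("0.0.0.0/0", "192.168.0.1")],
        "m0n01": [("192.168.1.0/24", None), ("192.168.2.0/24", None),
                  ("192.168.0.0/24", "192.168.1.4")],
        "m0n02": [("192.168.1.0/24", None), ("192.168.0.0/24", None)],
    }


def owner(addr):
    """Node that holds addr on one of its interfaces."""
    for node, ifaces in NODES.items():
        if str(addr) in ifaces.values():
            return node
    raise KeyError(f"{addr} is not on any modelled interface")


def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, or None if dst is on-link."""
    best = None
    for prefix, gw in routes:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def trace(tables, start, src, dst, snat=None, dnat=None, max_hops=8):
    """Forward one packet hop by hop; returns (node path, source the receiver sees).

    snat: node -> (exit network, masquerade address), applied when that node
          forwards a new connection onto the exit network.
    dnat: masquerade address -> real address, undone when a reply reaches the
          node that owns the masquerade address.
    """
    src, dst = ip_address(src), ip_address(dst)
    snat, dnat = snat or {}, dnat or {}
    node, path = start, [start]
    for _ in range(max_hops):
        if str(dst) in NODES[node].values():       # packet has arrived at a node
            if str(dst) not in dnat:
                return path, src
            dst = ip_address(dnat[str(dst)])       # undo NAT and keep forwarding
        gw = next_hop(tables[node], dst)
        hop = ip_address(gw) if gw else dst
        if node in snat and hop in ip_network(snat[node][0]):
            src = ip_address(snat[node][1])
        node = owner(hop)
        path.append(node)
    raise RuntimeError("forwarding loop")


def symmetric(tables, start, src, dst, snat=None):
    """Send a request, then a reply to whatever source the receiver saw.

    Returns (request path, reply path, True if the reply retraces the request).
    A box present in only one of the two paths sees half a connection.
    """
    req, seen = trace(tables, start, src, dst, snat=snat)
    dnat = {str(seen): str(ip_address(src))} if seen != ip_address(src) else {}
    rep, _ = trace(tables, req[-1], dst, seen, dnat=dnat)
    return req, rep, rep == req[::-1]


def scenarios():
    """Christoph's case 1 (LAN2->LAN1), case 2 (LAN1->LAN2), and case 2 with a client route."""
    t = base_routes()
    out = {
        "lan2_to_lan1": symmetric(t, "host2", "192.168.0.10", "192.168.1.10", SNAT),
        "lan1_to_lan2": symmetric(t, "host1", "192.168.1.10", "192.168.0.10", SNAT),
    }
    t["host1"].insert(0, ("192.168.0.0/24", "192.168.1.4"))   # per-client static route
    out["lan1_to_lan2_client_route"] = symmetric(t, "host1", "192.168.1.10", "192.168.0.10", SNAT)
    return out


if __name__ == "__main__":
    for name, (req, rep, ok) in scenarios().items():
        print(f"{name}: {' -> '.join(req)} | reply {' -> '.join(rep)} | "
              f"{'symmetric' if ok else 'MISMATCH'}")
```

Run as-is: the LAN1->LAN2 case comes out as host1 -> m0n01 -> m0n02 -> host2 on the way out and host2 -> m0n02 -> host1 on the way back, so m0n01 only ever sees the outbound half; the LAN2->LAN1 case with NAT and the case with the per-client static route both retrace. Routes on m0n01 or NAT on m0n02 are the only knobs the thread mentions, so the model has no ICMP-redirect or pf state-table behaviour; change NODES and base_routes to match your own segments before trusting it for anything else.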