 From:  "David Burgess" <apt dot get at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] multiple subnets on single LAN interface?
 Date:  Tue, 6 Mar 2007 16:24:22 -0700
On 3/6/07, krt <kkrrtt at gmail dot com> wrote:
> Short Answer: No
> Long Answer:
> You have to route your packets if you do not participate in those
> subnets with a local interface.

By "route your packets" are you referring to routing table
modifications on my client machine? Or routing table modifications to
the m0n0wall? Because the latter is kind of where I was trying to go,
and without success.

> Why not run the DHCP server with a range of IP addresses from the
> that you've reserved as the "DHCP RANGE" and that you will
> not and do not have current static assignments in?

This is an option, but it means lots and lots of people not having
internet access until they renew their dhcp lease, which in many cases
would mean a week up to a month without internet. And no, most of
these people aren't savvy enough to try that on their own, and no, I
won't be fielding all the angry phone calls. So basically it's not a
very practical option for us.

So is there a really long answer that wasn't included in the first
response? I'm not averse to reading up if there's a way to do this.
I'm just not finding anything really relevant in my searches so far.

For what it's worth, here's an interesting excerpt from m0n0wall's
System:Advanced page:

"Bypass firewall rules for traffic on the same interface
This option only applies if you have defined one or more static
routes. If it is enabled, traffic that enters and leaves through the
same interface will not be checked by the firewall..."

Am I wrong in inferring that if traffic enters an interface,
potentially passes through the firewall, then leaves the same
interface, then said traffic must have differing source and
destination subnets, which is basically what I'm trying to implement?
Am I misinterpreting the function of a static route here?

> David Burgess wrote:
> > I'm not sure if I'm going down a blind alley here, but it seems to me
> > there must be a way to access a subnet other than one's own without
> > crossing the firewall. Here's my m0n0wall's basic setup:
> >
> > WAN: static public IP address
> > LAN:, running dhcpd
> >
> > Our clients all get IPs from the LAN dhcpd.
> > Meanwhile, our equipment all have static IP addresses on the subnet
> > Currently, to connect with a piece of equipment one
> > must change one's IP address manually to the 172.16/16 subnet. Is
> > there not a way using static routes to maintain one's 10/16 address
> > and have the m0n0wall redirect 172.16/16 requests to the appropriate
> > equipment on the LAN? I tried adding a static route thus:
> >
> > 172.16            UGS         0      126    [LAN]
> >
> > but no dice. I tried a similar entry, using as the gateway,
> > but nothing still. Is this possible? Can somebody point me to a
> > resource if it's not a simple fix? Please don't tell me to change my
> > equipment to the 10/16 subnet, as we're talking about ~300 items here.
> > I'll consider that a last resort, along with manually changing my IP
> > to the 172.16/16 every time I want to have a look.
> >
> > Thanks,
> > db
> >
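The "enters and leaves through the same interface" case discussed above can be modelled with a small route lookup. The following is an added example, not code from the m0n0wall project or from anyone in this thread: it builds a toy router with the 10/16 client subnet directly connected on LAN, a static route for 172.16/16 via a gateway that also sits on LAN, and a default route out WAN, then classifies sample flows by ingress and egress interface. Every address in it (the gateways 10.0.0.2 and 198.51.100.1, the host addresses, the 10.0.0.0/16 prefix) is constructed for the demo; the thread only names the 10/16 and 172.16/16 prefixes. Flows flagged `same_interface` are the ones m0n0wall's "Bypass firewall rules for traffic on the same interface" option would exempt from filtering, which is why that option is worth leaving off unless the hairpinned traffic is trusted.

```python
"""Toy router model: which flows hairpin through one interface?

Added example, not from the m0n0wall thread. All addresses are
constructed; the LAN gateway 10.0.0.2 used by the static route is a
hypothetical host on the LAN segment.
"""
import ipaddress

# Constructed route table: (destination, gateway or None when the
# destination is directly connected, egress interface).
ROUTES = [
    (ipaddress.ip_network("10.0.0.0/16"), None, "LAN"),
    (ipaddress.ip_network("172.16.0.0/16"), ipaddress.ip_address("10.0.0.2"), "LAN"),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("198.51.100.1"), "WAN"),
]


def lookup(addr):
    """Longest-prefix match over ROUTES; returns (gateway, interface)."""
    addr = ipaddress.ip_address(addr)
    best = None
    for net, gw, ifname in ROUTES:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, ifname)
    if best is None:
        return None
    return best[1], best[2]


def classify(src, dst):
    """Describe how the router forwards a src->dst packet.

    Ingress is taken as the interface the router would use to reach src
    (a reverse-path lookup), egress from the route toward dst. When the
    two match, the packet re-exits the interface it arrived on, which is
    exactly the traffic the same-interface bypass option would skip.
    """
    in_route = lookup(src)
    out_route = lookup(dst)
    if in_route is None or out_route is None:
        return {"forwarded": False}
    ingress = in_route[1]
    gw, egress = out_route
    return {
        "forwarded": True,
        "ingress": ingress,
        "egress": egress,
        "next_hop": str(gw) if gw is not None else "direct",
        "same_interface": ingress == egress,
    }


def hairpinned(flows):
    """Return the (src, dst) pairs that enter and leave the same interface."""
    return [f for f in flows if classify(*f).get("same_interface")]


if __name__ == "__main__":
    # Constructed sample flows: a client reaching equipment, the
    # equipment replying, a client browsing out, and an inbound WAN packet.
    sample = [
        ("10.0.5.7", "172.16.20.3"),
        ("172.16.20.3", "10.0.5.7"),
        ("10.0.5.7", "203.0.113.9"),
        ("198.51.100.50", "10.0.5.7"),
    ]
    for flow in sample:
        print(flow, classify(*flow))
    print("would bypass the filter if the option were on:", hairpinned(sample))
```

The client-to-equipment flow lands on LAN, is routed to the constructed LAN gateway, and exits LAN again; the reply path does the same in reverse. Only the two flows that cross between LAN and WAN would still be inspected with the bypass enabled.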