[ previous ] [ next ] [ threads ]
 
 From:  "Bryan K. Brayton" <bryan at sonicburst dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Dual private IP nat issue
 Date:  Tue, 29 May 2007 22:43:03 -0400 
I'm guessing you didn't uncheck the "Block Private Networks" option at
the bottom of the Interfaces:WAN configuration page.

-Bryan

-----Original Message-----
From: DevAuto [mailto:devauto at gmail dot com] 
Sent: Tuesday, May 29, 2007 10:06 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Dual private IP nat issue

Hi All,

Okay, here is my situation. I have a lan within a lan, split by a
m0n0wall
box (Soekris Net4501, m0n0wall 1.3b2) on a wireless link (atheros in bss
mode). The wireless is configured as the "wan" interface with a
10.x.x.xnetwork configured on the lan interface (also tried isolating
as the opt1
interface). The wireless connects to another wireless device and pulls a
dhcp address from a 192.168.x.x network which is on the backside of a
wan
link to the internet. Essentially, both lans are in private IP space,
one in
the 192.168.x.x and the other in the 10.x.x.x range. A basic diagram of
my
setup is below:

(freenas-10.1.1.2) <---> (opt1-10.1.1.1) <---> (wan-192.168.1.2) <--->
(wireless bridge) <---> (lan-192.168.1.1) <---> (wan-dhcp from isp)

What I am trying to do is to setup a freenas device in the 10.x.x.x
network
space and be able to send files to/from it from the 192.168.x.x network.
Here is the problem, I cannot seem to get to the freenas box regardless
of
how I configure access. I have tried building static rules allowing all
traffic to that box, no go. I have tried nat to map to the freenas, and
at
least I could ping it (nmap shows all natted ports as filtered except
dns
and https), this is the closest I have come to getting it to work. I
have
tried bridging the interface with the wireless link, another no go. I
have
tried 1:1 mapping from one side to the other, another failed attempt. I
think I have tried just about everything at this point.

Can anyone give me any suggestions on how to accomplish this? I am out
of
ideas, patience and time to play around with this. I can provide more
info
if needed. What am I doing wrong?

-- 
DevAuto
Failure is not an option ... it comes bundled with your Micro$oft
solution!