 From:  "David Burgess" <apt dot get at gmail dot com>
 To:  "Monowall Support List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  [m0n0wall] Dual private IP nat issue
 Date:  Wed, 30 May 2007 18:17:10 -0600
Sorry, this was meant for the list.

---------- Forwarded message ----------
From: David Burgess <apt dot get at gmail dot com>
Date: May 30, 2007 1:00 PM
Subject: Re: [m0n0wall] Dual private IP nat issue
To: DevAuto <devauto at gmail dot com>

On 5/29/07, DevAuto <devauto at gmail dot com> wrote:

> Thank you again Bryan, I appreciate it, but those suggestions fall under the
> heading "Been there, Tried that, It didn't work". Done that several times
> already, went so far as to reset the m0n0 to factory defaults and start from
> scratch, hoping that a previous rule was conflicting ... guess what, it
> didn't work either :)
>
> Thank you again for the suggestions though, they are still well appreciated!
>
> --DevAuto
>
> On 5/29/07, Bryan K. Brayton < bryan at sonicburst dot net> wrote:
> >
> > Make sure you have the correct TCP/UDP ports forwarded to the 10.1.1.2
> > address, and also make sure there is a corresponding firewall rule
> > allowing that traffic (easiest to add the NAT rule, and check the
> > "Auto-add a firewall rule" option at the bottom). It sounds like you've
> > already done that, but it won't hurt to check :-)
> >
> >
> >
> > Also, if you're just checking the FreeNAS config page and it's on port
> > 80/443, you may also want to try moving the port the m0n0 webgui uses.
> > I seem to remember that causing some problems for people.  I don't know
> > if that's the case here, but it's worth a shot.
> >
> >
> >
> > -Bryan
> >
> >
> >
> > ________________________________
> >
> > From: DevAuto [mailto: devauto at gmail dot com]
> > Sent: Tuesday, May 29, 2007 11:32 PM
> > To: Bryan K. Brayton
> > Cc: m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] Dual private IP nat issue
> >
> >
> >
> > Actually, that was the first thing I did. I guess I should have
> > mentioned it in my first posting. I wish it were that simple :) Thank
> > you for the suggestion though, I do appreciate it.
> >
> > --DevAuto
> >
> > On 5/29/07, Bryan K. Brayton <bryan at sonicburst dot net> wrote:
> >
> > I'm guessing you didn't uncheck the "Block Private Networks" option at
> > the bottom of the Interfaces:WAN configuration page.
> >
> > -Bryan
> >
> > -----Original Message-----
> > From: DevAuto [mailto: devauto at gmail dot com]
> > Sent: Tuesday, May 29, 2007 10:06 PM
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: [m0n0wall] Dual private IP nat issue
> >
> > Hi All,
> >
> > Okay, here is my situation. I have a lan within a lan, split by a m0n0wall
> > box (Soekris Net4501, m0n0wall 1.3b2) on a wireless link (atheros in bss
> > mode). The wireless is configured as the "wan" interface with a 10.x.x.x
> > network configured on the lan interface (also tried isolating as the opt1
> > interface). The wireless connects to another wireless device and pulls a
> > dhcp address from a 192.168.x.x network which is on the backside of a wan
> > link to the internet. Essentially, both lans are in private IP space, one in
> > the 192.168.x.x and the other in the 10.x.x.x range. A basic diagram of my
> > setup is below:
> >
> > (freenas-10.1.1.2) <---> (opt1-10.1.1.1) <---> (wan-192.168.1.2) <--->
> > (wireless bridge) <---> (lan-192.168.1.1) <---> (wan-dhcp from isp)
> >
> > What I am trying to do is to set up a freenas device in the 10.x.x.x network
> > space and be able to send files to/from it from the 192.168.x.x network.
> > Here is the problem, I cannot seem to get to the freenas box regardless of
> > how I configure access. I have tried building static rules allowing all
> > traffic to that box, no go. I have tried nat to map to the freenas, and at
> > least I could ping it (nmap shows all natted ports as filtered except dns
> > and https), this is the closest I have come to getting it to work. I have
> > tried bridging the interface with the wireless link, another no go. I have
> > tried 1:1 mapping from one side to the other, another failed attempt. I
> > think I have tried just about everything at this point.
> >
> > Can anyone give me any suggestions on how to accomplish this? I am out of
> > ideas, patience and time to play around with this. I can provide more info
> > if needed. What am I doing wrong?
> >



I saw some funny behaviour on 1.3b2 when testing it on a LAN, i.e., private IP
on mono's WAN interface. Specifically, the mono had no default route whether
using static IP or dhcp on its WAN, so any packet not destined specifically
for the LAN or WAN subnet was "lost". Maybe this has something to do with
your problem?

db