 From:  "Bryan K. Brayton" <bryan at sonicburst dot net>
 To:  "Monowall Support List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Dual private IP nat issue
 Date:  Wed, 30 May 2007 20:26:01 -0400
The other thing to try would be to turn off NAT entirely in both
directions, though you'd need to add a static route on the router
upstream of the m0n0, or maybe some ARP proxying.

-Bryan

-----Original Message-----
From: David Burgess [mailto:apt dot get at gmail dot com] 
Sent: Wednesday, May 30, 2007 8:17 PM
To: Monowall Support List
Subject: [m0n0wall] Dual private IP nat issue

Sorry, this was meant for the list.

---------- Forwarded message ----------
From: David Burgess <apt dot get at gmail dot com>
Date: May 30, 2007 1:00 PM
Subject: Re: [m0n0wall] Dual private IP nat issue
To: DevAuto <devauto at gmail dot com>

On 5/29/07, DevAuto <devauto at gmail dot com> wrote:

> Thank you again Bryan, I appreciate it, but those suggestions fall under the
> heading "Been there, Tried that, It didn't work". Done that several times
> already, went so far as to reset the m0n0 to factory defaults and start from
> scratch, hoping that a previous rule was conflicting ... guess what, it
> didn't work either :)
>
> Thank you again for the suggestions though, they are still well
> appreciated!
>
> --DevAuto
>
> On 5/29/07, Bryan K. Brayton < bryan at sonicburst dot net> wrote:
> >
> > Make sure you have the correct TCP/UDP ports forwarded to the 10.1.1.2
> > address, and also make sure there is a corresponding firewall rule
> > allowing that traffic (easiest to add the NAT rule, and check the
> > "Auto-add a firewall rule" option at the bottom). It sounds like you've
> > already done that, but it won't hurt to check :-)
> >
> >
> >
> > Also, if you're just checking the FreeNAS config page and it's on port
> > 80/443, you may also want to try moving the port the m0n0 webgui uses.
> > I seem to remember that causing some problems for people. I don't know
> > if that's the case here, but it's worth a shot.
> >
> >
> >
> > -Bryan
> >
> >
> >
> > ________________________________
> >
> > From: DevAuto [mailto: devauto at gmail dot com]
> > Sent: Tuesday, May 29, 2007 11:32 PM
> > To: Bryan K. Brayton
> > Cc: m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] Dual private IP nat issue
> >
> >
> >
> > Actually, that was the first thing I did. I guess I should have
> > mentioned it in my first posting. I wish it were that simple :) Thank
> > you for the suggestion though, I do appreciate it.
> >
> > --DevAuto
> >
> > On 5/29/07, Bryan K. Brayton <bryan at sonicburst dot net> wrote:
> >
> > I'm guessing you didn't uncheck the "Block Private Networks" option at
> > the bottom of the Interfaces:WAN configuration page.
> >
> > -Bryan
> >
> > -----Original Message-----
> > From: DevAuto [mailto: devauto at gmail dot com]
> > Sent: Tuesday, May 29, 2007 10:06 PM
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: [m0n0wall] Dual private IP nat issue
> >
> > Hi All,
> >
> > Okay, here is my situation. I have a lan within a lan, split by a
> > m0n0wall box (Soekris Net4501, m0n0wall 1.3b2) on a wireless link
> > (atheros in bss mode). The wireless is configured as the "wan" interface
> > with a 10.x.x.x network configured on the lan interface (also tried
> > isolating as the opt1 interface). The wireless connects to another
> > wireless device and pulls a dhcp address from a 192.168.x.x network
> > which is on the backside of a wan link to the internet. Essentially,
> > both lans are in private IP space, one in the 192.168.x.x and the other
> > in the 10.x.x.x range. A basic diagram of my setup is below:
> >
> > (freenas-10.1.1.2) <---> (opt1-10.1.1.1) <---> (wan-192.168.1.2) <---> (wireless bridge) <---> (lan-192.168.1.1) <---> (wan-dhcp from isp)
> >
> > What I am trying to do is to set up a freenas device in the 10.x.x.x
> > network space and be able to send files to/from it from the 192.168.x.x
> > network. Here is the problem, I cannot seem to get to the freenas box
> > regardless of how I configure access. I have tried building static rules
> > allowing all traffic to that box, no go. I have tried nat to map to the
> > freenas, and at least I could ping it (nmap shows all natted ports as
> > filtered except dns and https), this is the closest I have come to
> > getting it to work. I have tried bridging the interface with the
> > wireless link, another no go. I have tried 1:1 mapping from one side to
> > the other, another failed attempt. I think I have tried just about
> > everything at this point.
> >
> > Can anyone give me any suggestions on how to accomplish this? I am out
> > of ideas, patience and time to play around with this. I can provide more
> > info if needed. What am I doing wrong?
> >



I saw some funny behaviour on 1.3b2 when testing it on a LAN, i.e.,
private IP on mono's WAN interface. Specifically, the mono had no default
route whether using static IP or dhcp on its WAN, so any packet not
destined specifically for the LAN or WAN subnet was "lost". Maybe this has
something to do with your problem?

db