[ previous ] [ next ] [ threads ]
 
 From:  "Bryan K. Brayton" <bryan at sonicburst dot net>
 To:  "Roland Giesler" <roland at thegreentree dot za dot net>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Two m0n0walls that connect LAN via WAN?
 Date:  Fri, 9 Nov 2007 20:14:20 -0500 
Under Interfaces -> WAN, have you unchecked the "Block private networks" option at the bottom of the
page on both m0n0walls?

-Bryan


-----Original Message-----
From: Roland Giesler [mailto:roland at thegreentree dot za dot net]
Sent: Fri 11/9/2007 10:17 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Two m0n0walls that connect LAN via WAN?
 
I have two LANs that must be connected to each other via a WAN link
from/to each LAN. The link is provided by the same network provider on
both ends.  So I have:

LAN1 <--> m0n0 <--> WANRouter1 <-----> NetworkHUBofSP <----->
WANRouter2 <--> m0n0 <--> LAN2

LAN1 uses 172.16.3.0/24 and LAN2 uses 172.16.4.0/24 and the SP has
added routes in the NetworkHUB that will route traffic between the two
network.  This works and can be confirmed by being able to tracert and
ping the remote site's hosts (various PC's) from the WANRouters on
each end.

I have a default route set on each router, back to the NetworkHUB
(public IPs) and the infrastructure is provided by means of a VPN, so
the traffic is encrypted.

Just so I don't have a mistake in my setup I have created a rule at
the top of my WAN rules list in each m0n0 that says to allow all
traffic from all networks to all ports on all networks.  (Not a good
permanent idea, but at least it rules out the possiblity of some
obscure error in my setup I think)

Now the problem:  I can ping/traceroute to the LAN port of both m0n0's
from the other network, but I cannot do the same with the two windows
domain controllers that are on this LAN's.   Is there some special
requirement to get the windows server to respond to pings/traceroutes
from the WAN?  Their default gateways are correct and they respond
just fine to pings/traceroutes fromt the locally attached m0n0walls?

Maybe I'm doing something else wrong here?  Something I'm not taking
into consideration?

thanks all

-- 
Roland Giesler
Green Tree Systems cc, Stellenbosch, South Africa
Mobile: 072-450-2817   http://www.thegreentree.za.net

Shop online at http://www.digitalplanet.co.za/?AID=497

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch