Lynn Grant wrote:
> I am having trouble with a new m0n0wall installation. I suspect that
> the problem is a hole in my understanding of things, and I am hoping
> that some of you can enlighten me.
> We have a m0n0wall with the WAN going to the Internet with a fixed IP
> address, and a couple of computers on the LAN, using regular NAT
> (192.168.20.0/24). So far, everything is wonderful, even the VPNs we
> have going to two other offices.
> There is another LAN in the office (192.168.2.0/24) for the VOIP phones.
> In order to solve some cabling problems (i.e., not enough cables running
> where we need them) we wanted to put a couple of the VOIP phones on our
> 192.168.20.0/24 LAN. The phones get their IP addresses via DHCP, and
> then they talk to a TFTP server for initialization information. They
> *know* what TFTP server they want to talk to--they do not get that
> information from DHCP like diskless workstations do.
> So we hooked the OPT connection up to the phone LAN (192.168.2.0/24) and
> gave the interface an available IP address on that LAN (192.168.2.201).
> The phones get assigned IP addresses OK from the m0n0's DHCP server, but
> they cannot get to the 192.168.2.0/24 LAN to talk to their TFTP server.
> In the log, I see a bunch of messages like this:
> kernel: arpresolve: can't allocate route for 192.168.2.1
> kernal: arplookup 192.168.2.1 failed: host is not on local network
> I have allow-everything rules on both the LAN and OPT interfaces, but
> that doesn't seem to matter, because it is not getting as far as the
> So it doesn't know how to find the 192.168.2.0/24 LAN from the
> 192.168.20.0/24 LAN. I thought a static route would do the job, so I
> added one with a range of 192.168.2.0/24, a gateway of 192.168.2.1, and
> an interface of OPT. That didn't help. (In retrospect, that was
> probably predictable, since it is the gateway itself that it cannot
> Am I missing something in my configuration? Or is this setup really too
> much like a multi-WAN setup, and beyond the scope of m0n0wall?
> Thanks for your help!
> Lynn Grant
Have you created correct firewall rules to allow traffic unNATed between
the two LANs?
You'll need to disable advanced outbound NAT and create the rules there,
and the firewall rules. Can a host plugged into the voice LAN ping the