Yep, that was it. I had the route set up on the Wan interface. Went back and
selected my OPT4 interface and voila, it worked.
Thanks for the help.
----- Original Message -----
From: "Chris Buechler" <cbuechler at gmail dot com>
To: "Mark Rinaudo" <mark at preferreddatasolutions dot com>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Sunday, June 01, 2008 9:18 PM
Subject: Re: [m0n0wall] Configuration / Limitation of m0n0wall
> On Sun, Jun 1, 2008 at 10:14 PM, Mark Rinaudo
> <mark at preferreddatasolutions dot com> wrote:
>> Well here goes my issue. I've searched through the mailing list archives
>> but I haven't found anything quite like my setup.
>> Here's a diagram of what I'm talking about
>> OPT4 (10.10.10.1 vlan*)
>> <---------------------------------> Wan (10.10.10.2)
>> [Customer's Router/Firewall]
>> Lan ( *.*.*.*/27)
>> I had a customer that wanted to run his own router/firewall for his own
>> /27 of public IPs.
>> Now I only have a /24, so in order to route a /27 to him without using
>> any more public IPs up, I set up an opt interface on the LAN interface
>> with a private address and had the customer setup a corresponding address
>> so that his router could talk to the interface on M0n0wall. Well after
>> getting everything setup incoming worked like a charm. I could access his
>> router's public ip which fell on the Lan side of his router and I could
>> access his /27 going through the m0n0wall and the customer's router.
>> However, outgoing access from one of the customer's servers sitting on the
>> /27 would not work. I put a rule on the opt interface to allow everything
>> through, but for some reason m0n0wall was still blocking the traffic, which
>> was seen in the logs. So I went to the status.php page
>> and took a look at the rules that were running and found something very
>> interesting. I guess at some point m0n0wall put an allow for all traffic
>> for the 10.10.10.0/24 network since that was the subnet for that OPT
>> interface and then it denied everything else. Now I did see in the FAQ
>> about disabling NAT, which I did, but this was a firewall issue because I
>> could see that it was blocking it. I'm thinking the problem stems from
>> M0n0wall only expecting traffic from the subnet 10.10.10.0/24 and not
>> from any other network and especially not from a public /27.
> Sounds like you're missing a static route on that interface. Static
> routes open the antispoofing rules. Add one and it will let that
> subnet through.
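The antispoofing behaviour Chris describes, as an added example that is not part of this thread and not m0n0wall's own code: a small Python model in which each interface accepts only sources from its own subnet plus the destination networks of static routes bound to that same interface, so a route bound to the wrong interface (as in the original attempt) opens nothing. The interface names and the 10.10.10.0/24 addressing follow the thread; the LAN subnet, the customer's /27 (masked in the thread) and the server address are constructed placeholders from documentation ranges; the rule listing produced by `render_antispoof_rules` is illustrative notation, not ipfilter syntax.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class StaticRoute:
    """A static route as the thread uses it: bound to exactly one interface.

    The gateway is kept for completeness of the route entry; the antispoofing
    decision in this model depends only on the interface binding.
    """
    interface: str      # interface the route is bound to, e.g. "OPT4"
    destination: str    # network reachable via the route, e.g. "203.0.113.0/27"
    gateway: str        # next hop, e.g. "10.10.10.2"


def antispoof_allowlist(
    interface: str,
    interfaces: Dict[str, str],
    routes: Iterable[StaticRoute],
) -> List[str]:
    """Source networks the antispoofing check accepts on `interface`.

    The interface's own subnet is always accepted.  Each static route opens the
    check for its destination network, but only on the interface the route is
    bound to: a route bound to WAN does nothing for traffic entering OPT4.
    """
    allowed = [str(ip_network(interfaces[interface]))]
    for route in routes:
        if route.interface == interface:
            allowed.append(str(ip_network(route.destination)))
    return allowed


def source_passes_antispoof(
    interface: str,
    src: str,
    interfaces: Dict[str, str],
    routes: Iterable[StaticRoute],
) -> bool:
    """True if a packet from `src` entering `interface` survives antispoofing.

    This check runs before any user-written interface rules, which is why an
    "allow everything" rule on the interface cannot rescue the traffic.
    """
    addr = ip_address(src)
    return any(addr in ip_network(net) for net in antispoof_allowlist(interface, interfaces, routes))


def render_antispoof_rules(
    interface: str,
    interfaces: Dict[str, str],
    routes: Iterable[StaticRoute],
) -> List[str]:
    """Illustrative listing (not ipfilter syntax) of the generated check."""
    rules = [f"allow in on {interface} from {net}"
             for net in antispoof_allowlist(interface, interfaces, routes)]
    rules.append(f"deny in on {interface} from any")
    return rules


def thread_scenarios() -> Dict[str, bool]:
    """Replay the thread's situations against the model."""
    interfaces = {
        "OPT4": "10.10.10.0/24",   # OPT4 is 10.10.10.1/24 in the thread
        "LAN": "192.168.1.0/24",   # constructed; the thread does not give the LAN subnet
    }
    customer_block = "203.0.113.0/27"   # placeholder for the customer's /27 (masked in the thread)
    customer_gateway = "10.10.10.2"     # the customer's router, from the thread
    server = "203.0.113.10"             # constructed: one host inside the /27

    no_route: List[StaticRoute] = []
    route_on_wan = [StaticRoute("WAN", customer_block, customer_gateway)]    # the original mistake
    route_on_opt4 = [StaticRoute("OPT4", customer_block, customer_gateway)]  # the fix

    return {
        # the customer's router itself lives in OPT4's subnet: always accepted
        "router_on_opt4_no_route": source_passes_antispoof("OPT4", customer_gateway, interfaces, no_route),
        # a server in the /27 is a foreign source on OPT4: dropped as spoofed
        "server_on_opt4_no_route": source_passes_antispoof("OPT4", server, interfaces, no_route),
        # a route bound to WAN does not open OPT4's check
        "server_on_opt4_route_bound_to_wan": source_passes_antispoof("OPT4", server, interfaces, route_on_wan),
        # a route bound to OPT4 opens the check for the /27
        "server_on_opt4_route_bound_to_opt4": source_passes_antispoof("OPT4", server, interfaces, route_on_opt4),
        # and it opens it only on OPT4, not on LAN
        "server_on_lan_route_bound_to_opt4": source_passes_antispoof("LAN", server, interfaces, route_on_opt4),
    }


if __name__ == "__main__":
    for name, passed in thread_scenarios().items():
        print(f"{name}: {'pass' if passed else 'blocked by antispoofing'}")
```

Running the block prints one line per scenario; only the two cases where the source is in OPT4's own subnet or covered by a route bound to OPT4 pass, matching the thread's outcome once the route was moved from the Wan interface to OPT4.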