[ previous ] [ next ] [ threads ]
 
 From:  =?ISO-8859-1?Q?Yannick_Br=E9hon?= <y dot brehon at qiplay dot com>
 To:  sai <sonicsai at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall not respecting rules ?!?
 Date:  Mon, 21 Jul 2008 14:38:40 +0200
Actually, behind my WAN interface is 192.168.1.0 / 24 and behind my LAN
interface is 192.168.128.0 / 17.
the "real" IP address is behind my ADSL box with 192.168.1.1

So it looks like this:

Internet
   |
192.168.1.1
   |
 ----------
 |        |
BOX      Monowall
             |_192.168.128.0/17

Problem is that I would like my BOX to SSH into the "monowalled"
network, without NATting through the Monowall, but using "regular" routing.
Is that not possible??



> assuming your LAN is private IP addresses and your WAN is real ip addresses
> 
> <1> you need to add NAT rules.
> <2> ping is not good at being natted....if you have many pings going
> at the same time some may not work
> 
> sai
> 
> 

>> Hello!
>>  I have been using m0n0 for quite a while now as my company's router and
>>  firewall, with great results I must say, but I have recently run into
>>  some trouble while changing things in my network.
>>
>>  I have computers sitting behind the WAN interface, and others behind the
>>  LAN one. Even when I add "pass-all" rules on both those interfaces, (and
>>  reset states), m0n0 doesn't let traffic go from LAN to WAN in some very
>>  specific circumstances. These are resumed here:
>>  LAN will ping WAN without any trouble
>>  WAN will ping LAN, the LAN computers receive the PING request, send a
>>  PING response which is filtered by m0n0.
>>  Same thing with SSH, etc (i.e.: computers sitting on the LAN side can
>>  easily ssh into boxes on the WAN side, but the contrary is not true. WAN
>>  computers receive the TCP open packet, reply, and the m0n0wall filters
>>  this reply)
>>
>>  I even see the firewall log saying it has actively filtered the TCP
>>  responses from LAN to WAN, though I have no "block" rules setup... In
>>  fact there is even a proper state created in the firewall states in the
>>  WAN->LAN direction, and yet the replies are blocked.
>>
>>  I am really puzzled by this behavior, and would appreciate any help and
>>  advice you might have!
>>
>>  Thank you very much,
>>  Yannick
>>
>>  ---------------------------------------------------------------------
>>  To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>  For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
> 
>