 From:  mtnbkr <waa dash m0n0wall at revpol dot com>
 To:  Yannick Bréhon <y dot brehon at qiplay dot com>
 Cc:  sai <sonicsai at gmail dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall not respecting rules ?!?
 Date:  Mon, 21 Jul 2008 08:48:53 -0400
 > Actually, behind my WAN interface is 192.168.1.0 / 24 and behind my LAN
 > interface is 192.168.128.0 / 17.
 > the "real" IP address is behind my ADSL box with 192.168.1.1
 >
 > So it looks like this:
 >
 > Internet
 >    |
 > 192.168.1.1
 >    |
 >  ----------
 >  |        |
 > BOX      Monowall
 >              |_192.168.128.0/17
 >
 > Problem is that I would like my BOX to SSH into the "monowalled"
 > network, without NATting through the Monowall, but using "regular" routing.
 > Is that not possible??


Hi Yannick. First, you need to make sure to uncheck the "Block private
networks" box in the Interface --> WAN page.

Next, you will need to set a static route on the box called "BOX" that says:

"to get to network 192.168.128.0/17 use the IP address of m0n0wall's WAN."


e.g., if BOX is Linux, then as root do:

route add -net 192.168.128.0 netmask 255.255.128.0 gw ip.of.m0n0.wall

Hope this helps.

--
Bill Arlofski
Reverse Polarity, LLC
http://www.revpol.com/