mtnbkr wrote:
>
> Yannick Bréhon wrote:
>> Actually, behind my WAN interface is 192.168.1.0 / 24 and behind my LAN
>> interface is 192.168.128.0 / 17.
>> the "real" IP address is behind my ADSL box with 192.168.1.1
>>
>> So it looks like this:
>>
>>  Internet
>>     |
>> 192.168.1.1
>>     |
>> ----------
>> |        |
>> BOX   Monowall
>>          |_192.168.128.0/17
>>
>> Problem is that I would like my BOX to SSH into the "monowalled"
>> network, without NATting through the Monowall, but using "regular" routing.
>> Is that not possible??
>
>
> Hi Yannick. First, you need to make sure to uncheck the "Block private
> networks" box in the Interface --> WAN page
>
> Next, you will need to set a static route on the box called "BOX" that
> says:
>
> "to get to network 192.168.128.0/17 use the IP address of m0n0wall's WAN."
>
>
> eg: if BOX is Linux, then as root do:
>
> route add -net 192.168.128.0 netmask 255.255.128.0 gw ip.of.m0n0.wall
>
> Hope this helps.
>
> --
> Bill Arlofski
> Reverse Polarity, LLC
> http://www.revpol.com/
>
>

Hi Bill,

Thanks for your answer; unfortunately, I had already done both suggestions you had (uncheck "block private networks" and add the static route).

The problem is not for "BOX" to send packets to 192.168.128.0/17 (I see them incoming using Wireshark) but for the return packets which are filtered (I see them as being blocked by the monowall firewall, although it *does* have a firewall state created for the BOX->LAN direction!).

This is really puzzling to me...

Thanks,
Yannick