 From:  Yannick Bréhon <y dot brehon at qiplay dot com>
 To:  waa dash m0n0wall at revpol dot com
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall not respecting rules ?!?
 Date:  Mon, 21 Jul 2008 15:27:30 +0200

>> Actually, behind my WAN interface is 192.168.1.0 / 24 and behind my LAN
>> interface is 192.168.128.0 / 17.
>> the "real" IP address is behind my ADSL box with 192.168.1.1
>>
>> So it looks like this:
>>
>> Internet
>>    |
>> 192.168.1.1
>>    |
>>  ----------
>>  |        |
>> BOX      Monowall
>>              |_192.168.128.0/17
>>
>> Problem is that I would like my BOX to SSH into the "monowalled"
>> network, without NATting through the Monowall, but using "regular"
>> routing.
>> Is that not possible??
> 
> 
> Hi Yannick. First, you need to make sure to uncheck the "Block private
> networks" box in the Interface --> WAN page
> 
> Next, you will need to set a static route on the box called "BOX" that
> says:
> 
> "to get to network 192.168.128.0/17 use the IP address of m0n0wall's WAN."
> 
> 
> eg: if BOX is Linux, then as root do:
> 
> route add -net 192.168.128.0 netmask 255.255.128.0 gw ip.of.m0n0.wall
> 
> Hope this helps.
> 
> -- 
> Bill Arlofski
> Reverse Polarity, LLC
> http://www.revpol.com/
> 
> 

Hi Bill,
Thanks for your answer; unfortunately, I had already done both
suggestions you had (uncheck "block private networks" and add the static
route). The problem is not for "BOX" to send packets to 192.168.128.0/17
(I see them incoming using Wireshark) but for the return packets which
are filtered (I see them as being blocked by the monowall firewall,
although it *does* have a firewall state created for the BOX->LAN
direction!). This is really puzzling to me...
Thanks,
Yannick