mtnbkr wrote:
> Yannick Bréhon wrote:
>> Actually, behind my WAN interface is 192.168.1.0 / 24 and behind my LAN
>> interface is 192.168.128.0 / 17.
>> the "real" IP address is behind my ADSL box with 192.168.1.1
>> So it looks like this:
>> | |
>> BOX Monowall
>> Problem is that I would like my BOX to SSH into the "monowalled"
>> network, without NATting through the Monowall, but using "regular"
>> Is that not possible??
> Hi Yannick. First, you need to make sure to uncheck the "Block private
> networks" box in the Interface --> WAN page.
> Next, you will need to set a static route on the box called "BOX" that
> "to get to network 192.168.128.0/17 use the IP address of m0n0wall's WAN."
> e.g., if BOX is Linux, then as root do:
> route add -net 192.168.128.0 netmask 255.255.128.0 gw ip.of.m0n0.wall
> Hope this helps.
> Bill Arlofski
> Reverse Polarity, LLC
Thanks for your answer; unfortunately, I had already done both
suggestions you had (uncheck "block private networks" and add the static
route). The problem is not for "BOX" to send packets to 192.168.128.0/17
(I see them incoming using Wireshark) but for the return packets which
are filtered (I see them as being blocked by the monowall firewall,
although it *does* have a firewall state created for the BOX->LAN
direction!). This is really puzzling to me...