 
 From:  Lyle Giese <lyle at lcrcomputer dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  [Fwd: Re: [m0n0wall] NAT - port forwarding from the non-WAN subnet]
 Date:  Sat, 06 Jun 2009 19:13:44 -0500
I keep hitting reply and it does not go to the list with Thunderbird.

Sorry.

-------- Original Message --------
Subject: 	Re: [m0n0wall] NAT - port forwarding from the non-WAN subnet
Date: 	Sat, 06 Jun 2009 19:12:42 -0500
From: 	Lyle Giese <lyle at lcrcomputer dot net>
To: 	Lee Sharp <leesharp at hal dash pc dot org>



Lee Sharp wrote:
> Lyle Giese wrote:
>> That may explain things, but no I am not wanting multiWAN.  I just
>> want the private subnet on sis1 to have direct access to the public
>> ip'd servers on sis2 without going out over the Internet.  The
>> Soekris units I have only have 64Mb of CF memory, I think pfsense
>> wants 128Mb.  I have to do more testing, but the biggest issue is
>> access to the printer on the private subnet for the servers on the
>> public subnet.
>
>
> A picture is worth a thousand words.  A network diagram is worth a
> thousand e-mails. :)  I think we need one now as I still can't follow
> this.
>
>             Lee
>
>
Public subnet w/public servers --> Bonded T1's connected to a Cisco 2620 (bandwidth exclusive to hosted services)
                |
                |
Soekris running m0n0wall --> DSL (Internet bandwidth exclusive for office computer use)
                |
                |
Private subnet with local printers (192.168.x.x subnet)

The DSL is connected to sis0 or eth0 on the Soekris.  The private subnet
is on sis1 or eth1 and the public subnet is on sis2 or eth2 on the Soekris.

There is no dual WAN routing here.  I have a private subnet with office
computers and have a DSL for their Internet access.  I have a public
subnet with hosted services with two T1's supplying bandwidth to them. 

The only printer in the mix is on the private subnet.  I want to print
from the public servers to the printer.  I also want to have access to
the public servers for administrative purposes without that traffic
traveling out over the Internet.
 
I have an old computer that is doing this with IPTables now (how long can
one expect a PII to keep working?), but want to retire it and the
Soekris will take less power.  Ping and traceroute work both ways across
the Soekris from the public subnet to the private subnet.  But I
cannot print from the public servers to the printer on the private subnet.
Why would ICMP packets work, but not TCP or UDP?

I am not married to m0n0wall, but the Soekris are net4801 with 64Mb CF
cards right now.

Lyle