Lyle Giese wrote:
> I keep hitting reply and it does not go to the list with Thunderbird.
> -------- Original Message --------
> Subject: Re: [m0n0wall] NAT - port forwarding from the non-WAN subnet
> Date: Sat, 06 Jun 2009 19:12:42 -0500
> From: Lyle Giese <lyle at lcrcomputer dot net>
> To: Lee Sharp <leesharp at hal dash pc dot org>
> Lee Sharp wrote:
>> Lyle Giese wrote:
>>> That may explain things, but no I am not wanting multiWAN. I just
>>> want the private subnet on sis1 to have direct access to the public
>>> ip'd servers on sis2 without going out over the Internet. The
>>> Soekris units I have only have 64Mb of CF memory, I think pfsense
>>> wants 128Mb. I have to do more testing, but the biggest issue is
>>> access to the printer on the private subnet for the servers on the
>>> public subnet.
>> A picture is worth a thousand words. A network diagram is worth a
>> thousand e-mails. :) I think we need one now as I still can't follow
> Public subnet w/public servers --> Bonded T1's connected to a Cisco
> 2620 (bandwidth exclusive to hosted services)
> Soekris running m0n0wall --> DSL (Internet bandwidth exclusive for office
> computer use)
> Private subnet with local printers (192.168.x.x subnet)
> The DSL is connected to sis0 or eth0 on the Soekris. The private subnet
> is on sis1 or eth1 and the public subnet is on sis2 or eth2 on the Soekris.
> There is no dual WAN routing here. I have a private subnet with office
> computers and have a DSL for their Internet access. I have a public
> subnet with hosted services with two T1's supplying bandwidth to them.
> The only printer in the mix is on the private subnet. I want to print
> from the public servers to the printer. I also want to have access to
> the public servers for administrative purposes without that traffic
> traveling out over the Internet.
> I have an old computer that is doing this with IPTables now (how long can
> one expect a PII to keep working?), but want to retire it and the
> Soekris will take less power. Ping and traceroute work both ways across
> the Soekris from the public subnet to the private subnet. But I cannot
> print from the public servers to the printer on the private subnet.
> Why would ICMP packets work, but not TCP or UDP?
> I am not married to m0n0wall, but the Soekris are net4801 with 64Mb CF
> cards right now.
If you examine your IPTables rules on the Linux box I'm sure you'll find
some rule that is allowing that traffic through. Have you created FW
rules on the m0n0 box to allow that traffic through?