On 10/01/2009 09:34 PM, kirt wrote:
> Maybe I'm missing something, but for whatever stupid reason, I can't figure
> this out.
>
> Currently, my network is something like this...
>
> remote sites (dedicated connections over cisco routers) (10.3.128.0 and
> higher)
> |
> main LAN at my building (10.3.0.0/17)
> |
> core router (inside 10.3.0.1 - outside 10.1.0.1)
> |
> iPrism web filter (10.1.0.2)
> |
> Cisco PIX (10.1.0.3)
> |
> Internet
>
> From machines on the LAN, I cannot ping 10.1.0.4 at all.
> From the m0n0wall, I can ping all the other 10.1.0.x addresses
>

This is similar to a setup I run for a friend.

-Add a rule on the 10.1.0.x interface to allow tcp/80 from 10.3.0.0/17 or wherever you want to manage it from.
-Add the route to 10.3.0.0/17 (and 10.3.128.0/17-blocks). I assume you've done so, but better ask than not.

I just recently replaced the particular 1.11 box with something more recent. It's been up continuously since 1.11 got published.

/Kasper