[ previous ] [ next ] [ threads ]
 
 From:  Charles Goldsmith <wokka at justfamily dot org>
 To:  Tim Nelson <tnelson at rockbochs dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: proxy arp problems
 Date:  Thu, 10 Dec 2009 16:35:19 -0600 
LOL, no, I have it setup per the documentation on Server NATs, which
is what I need.  A filtering bridge is more of a 1:1 setup, and I
don't have that many IP's available

Its acting like a bug, that's why I was asking if anyone else is using
it on 1.3

The next chance I get to travel down to the colo, I'll have 1.2 loaded
on a flash card to test it out.

Charles

On Thu, Dec 10, 2009 at 4:14 PM, Tim Nelson <tnelson at rockbochs dot com> wrote:
>> On Tue, Dec 8, 2009 at 10:47 PM, Charles Goldsmith
>> <wokka at justfamily dot org> wrote:
>> > I've been a user of m0n0 for several years, and am trying to put a
>> new
>> > install in at a colo.  Soekris 5501 with 1.3 new install on a flash
>> > card.
>> >
>> > No problems with the basic nat/fw setup.  But when I setup a few
>> > server NATs and proxy arp, the proxy arp doesn't seem to be
>> working.
>> >
>> > I have a /29 in a vlan, so the ISP isn't routing it.  If I unplug
>> my
>> > WAN port on the firewall and plug into my linux laptop, I can alias
>> in
>> > all of the IP's and can ping them from remote.  The m0n0 doesn't
>> seem
>> > to proxy arp my secondary IP's or the server nat's don't work, not
>> > totally sure, but it seems to be proxy arp.  I enabled ICMP to all
>> > ip's and can ping the WAN address, but I cannot ping any of the
>> other
>> > IP's.
>> >
>> > Is anyone using server nats and proxy arp with 1.3 sucessfully?  I
>> > might be able to get my ISP to route the IPs for me, but I'd rather
>> > not bother them with this.
>> >
>> > Any help would be appreciated.
>> > Charles
>> >
>>
>
> I've got systems setup in the same type of environment(subnet routed to my network/VLAN) but have
not had to use proxy arp, server nat, or 1:1 nat. I simply setup the box to be a filtering bridge
(Option checked in Advanced-->Enable Filtering Bridge). Then, I simply add rules to allow traffic
through (with default deny rule of course).
>
> I just verified this setup is in use on 4 or 5 production systems all running 1.3b11. Maybe you're
going about this the wrong way? :-)
>
> Tim Nelson
> Systems/Network Support
> Rockbochs Inc.
> (218)727-4332 x105
>