Hi Mike,
It is still not working. I took some snoops from it.
That is the working part (from NAS network 192.168.101.0/24 to the other network 192.168.230.0/24)
---snip---
No. Time Source Destination Protocol Info
7 4.251859 192.168.101.3 192.168.230.10 ICMP Echo (ping) request
(id=0xc86a, seq(be/le)=1/256, ttl=63)
Frame 7: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
Arrival Time: Oct 12, 2010 13:54:38.886744000 Mitteleuropäische Sommerzeit
Epoch Time: 1286884478.886744000 seconds
[Time delta from previous captured frame: 0.743175000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 4.251859000 seconds]
Frame Number: 7
Frame Length: 98 bytes (784 bits)
Capture Length: 98 bytes (784 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: Vmware_b0:5e:0f (00:50:56:b0:5e:0f), Dst: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
Destination: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
Address: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
Address: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.101.3 (192.168.101.3), Dst: 192.168.230.10 (192.168.230.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: ICMP (1)
Header checksum: 0x6f4a [correct]
[Good: True]
[Bad: False]
Source: 192.168.101.3 (192.168.101.3)
Destination: 192.168.230.10 (192.168.230.10)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x22af [correct]
Identifier: 0xc86a
Sequence number: 1 (0x0001)
Sequence number (LE): 256 (0x0100)
Data (56 bytes)
0000 7e 4c b4 4c e2 48 0d 00 08 09 0a 0b 0c 0d 0e 0f ~L.L.H..........
0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................
0020 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./
0030 30 31 32 33 34 35 36 37 01234567
Data: 7e4cb44ce2480d0008090a0b0c0d0e0f1011121314151617...
[Length: 56]
No. Time Source Destination Protocol Info
8 4.252026 192.168.230.10 192.168.101.3 ICMP Echo (ping) reply
(id=0xc86a, seq(be/le)=1/256, ttl=64)
Frame 8: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
Arrival Time: Oct 12, 2010 13:54:38.886911000 Mitteleuropäische Sommerzeit
Epoch Time: 1286884478.886911000 seconds
[Time delta from previous captured frame: 0.000167000 seconds]
[Time delta from previous displayed frame: 0.000167000 seconds]
[Time since reference or first frame: 4.252026000 seconds]
Frame Number: 8
Frame Length: 98 bytes (784 bits)
Capture Length: 98 bytes (784 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: Vmware_b0:7f:68 (00:50:56:b0:7f:68), Dst: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
Destination: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
Address: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
Address: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.230.10 (192.168.230.10), Dst: 192.168.101.3 (192.168.101.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0x57d7 (22487)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (1)
Header checksum: 0x5673 [correct]
[Good: True]
[Bad: False]
Source: 192.168.230.10 (192.168.230.10)
Destination: 192.168.101.3 (192.168.101.3)
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x2aaf [correct]
Identifier: 0xc86a
Sequence number: 1 (0x0001)
Sequence number (LE): 256 (0x0100)
Data (56 bytes)
0000 7e 4c b4 4c e2 48 0d 00 08 09 0a 0b 0c 0d 0e 0f ~L.L.H..........
0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................
0020 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./
0030 30 31 32 33 34 35 36 37 01234567
Data: 7e4cb44ce2480d0008090a0b0c0d0e0f1011121314151617...
[Length: 56]
No. Time Source Destination Protocol Info
9 5.258747 192.168.101.3 192.168.230.10 ICMP Echo (ping) request
(id=0xc86a, seq(be/le)=2/512, ttl=63)
Frame 9: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
Arrival Time: Oct 12, 2010 13:54:39.893632000 Mitteleuropäische Sommerzeit
Epoch Time: 1286884479.893632000 seconds
[Time delta from previous captured frame: 1.006721000 seconds]
[Time delta from previous displayed frame: 1.006721000 seconds]
[Time since reference or first frame: 5.258747000 seconds]
Frame Number: 9
Frame Length: 98 bytes (784 bits)
Capture Length: 98 bytes (784 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: Vmware_b0:5e:0f (00:50:56:b0:5e:0f), Dst: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
Destination: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
Address: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
Address: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.101.3 (192.168.101.3), Dst: 192.168.230.10 (192.168.230.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: ICMP (1)
Header checksum: 0x6f4a [correct]
[Good: True]
[Bad: False]
Source: 192.168.101.3 (192.168.101.3)
Destination: 192.168.230.10 (192.168.230.10)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xd462 [correct]
Identifier: 0xc86a
Sequence number: 2 (0x0002)
Sequence number (LE): 512 (0x0200)
Data (56 bytes)
0000 7f 4c b4 4c 2f 94 0d 00 08 09 0a 0b 0c 0d 0e 0f .L.L/...........
0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................
0020 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./
0030 30 31 32 33 34 35 36 37 01234567
Data: 7f4cb44c2f940d0008090a0b0c0d0e0f1011121314151617...
[Length: 56]
---snap---
That is the non-working part (from 192.168.230.0/24 to the other network, the NAS network
192.168.101.0/24)
---snip---
No. Time Source Destination Protocol Info
78 8.642006 192.168.230.10 192.168.101.3 ICMP Echo (ping) request
(id=0x344e, seq(be/le)=1/256, ttl=64)
Frame 78: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
Arrival Time: Oct 12, 2010 13:55:27.100756000 Mitteleuropäische Sommerzeit
Epoch Time: 1286884527.100756000 seconds
[Time delta from previous captured frame: 0.000109000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 8.642006000 seconds]
Frame Number: 78
Frame Length: 98 bytes (784 bits)
Capture Length: 98 bytes (784 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: Vmware_b0:7f:68 (00:50:56:b0:7f:68), Dst: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
Destination: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
Address: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
Address: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.230.10 (192.168.230.10), Dst: 192.168.101.3 (192.168.101.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (1)
Header checksum: 0x6e4a [correct]
[Good: True]
[Bad: False]
Source: 192.168.230.10 (192.168.230.10)
Destination: 192.168.101.3 (192.168.101.3)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x1ebb [correct]
Identifier: 0x344e
Sequence number: 1 (0x0001)
Sequence number (LE): 256 (0x0100)
Data (56 bytes)
0000 af 4c b4 4c 00 00 00 00 81 89 01 00 00 00 00 00 .L.L............
0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................
0020 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./
0030 30 31 32 33 34 35 36 37 01234567
Data: af4cb44c0000000081890100000000001011121314151617...
[Length: 56]
No. Time Source Destination Protocol Info
80 9.655970 192.168.230.10 192.168.101.3 ICMP Echo (ping) request
(id=0x344e, seq(be/le)=2/512, ttl=64)
Frame 80: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
Arrival Time: Oct 12, 2010 13:55:28.114720000 Mitteleuropäische Sommerzeit
Epoch Time: 1286884528.114720000 seconds
[Time delta from previous captured frame: 1.011860000 seconds]
[Time delta from previous displayed frame: 1.013964000 seconds]
[Time since reference or first frame: 9.655970000 seconds]
Frame Number: 80
Frame Length: 98 bytes (784 bits)
Capture Length: 98 bytes (784 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: Vmware_b0:7f:68 (00:50:56:b0:7f:68), Dst: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
Destination: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
Address: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
Address: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.230.10 (192.168.230.10), Dst: 192.168.101.3 (192.168.101.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (1)
Header checksum: 0x6e4a [correct]
[Good: True]
[Bad: False]
Source: 192.168.230.10 (192.168.230.10)
Destination: 192.168.101.3 (192.168.101.3)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x9683 [correct]
Identifier: 0x344e
Sequence number: 2 (0x0002)
Sequence number (LE): 512 (0x0200)
Data (56 bytes)
0000 b0 4c b4 4c 00 00 00 00 08 c0 01 00 00 00 00 00 .L.L............
0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................
0020 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./
0030 30 31 32 33 34 35 36 37 01234567
Data: b04cb44c0000000008c00100000000001011121314151617...
[Length: 56]
No. Time Source Destination Protocol Info
82 10.657049 192.168.230.10 192.168.101.3 ICMP Echo (ping) request
(id=0x344e, seq(be/le)=3/768, ttl=64)
Frame 82: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
Arrival Time: Oct 12, 2010 13:55:29.115799000 Mitteleuropäische Sommerzeit
Epoch Time: 1286884529.115799000 seconds
[Time delta from previous captured frame: 0.221177000 seconds]
[Time delta from previous displayed frame: 1.001079000 seconds]
[Time since reference or first frame: 10.657049000 seconds]
Frame Number: 82
Frame Length: 98 bytes (784 bits)
Capture Length: 98 bytes (784 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: Vmware_b0:7f:68 (00:50:56:b0:7f:68), Dst: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
Destination: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
Address: Vmware_b0:5e:0f (00:50:56:b0:5e:0f)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
Address: Vmware_b0:7f:68 (00:50:56:b0:7f:68)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.230.10 (192.168.230.10), Dst: 192.168.101.3 (192.168.101.3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (1)
Header checksum: 0x6e4a [correct]
[Good: True]
[Bad: False]
Source: 192.168.230.10 (192.168.230.10)
Destination: 192.168.101.3 (192.168.101.3)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x5e7e [correct]
Identifier: 0x344e
Sequence number: 3 (0x0003)
Sequence number (LE): 768 (0x0300)
Data (56 bytes)
0000 b1 4c b4 4c 00 00 00 00 3f c4 01 00 00 00 00 00 .L.L....?.......
0010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................
0020 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./
0030 30 31 32 33 34 35 36 37 01234567
Data: b14cb44c000000003fc40100000000001011121314151617...
[Length: 56]
---snap---
So it is unclear to me why it is not working in both directions...
Any help is highly appreciated.
Cheers
Arne
-----Original Message-----
From: Jewell, Michael [mailto:mjewell at law dot umaryland dot edu]
Sent: 11 October 2010 18:33
To: Brieseneck, Arne, VF-Group
Subject: RE: Routing problem
I had a Cisco router with a vlan that for some reason was not showing up in the routing table, on
that I shut the vlan, and then no shut it and it added it back to the routes. I don't actually use
my m0n0 currently (the project I was using it for ended) but I would consider trying to shutdown
the vlan interface and bring it back up to see if it gets re-added to the routing table...
Good luck
-Mike
-----Original Message-----
From: Brieseneck, Arne, VF-Group [mailto:Arne dot Brieseneck at vodafone dot com]
Sent: Monday, October 11, 2010 12:24 PM
To: Jewell, Michael; m0n0wall at lists dot m0n0 dot ch
Subject: RE: Routing problem
Hi Mike,
Well when we talk about any any rules we usually mean to have rules for every protocol from and to
everywhere.
I don't think it is a problem of the firewall. The problem seems to be a routing problem really as
the attached network seems not to be in the routing table.
Have a look into the /status.php excerpt:
Routing tables
Internet:
Destination        Gateway            Flags  Refs     Use  Netif  Expire
default            192.168.11.1       UGS       0  196087  vlan10
10.1.1/24          link#6             UC        0       0  vlan0
10.1.1.254         00:50:56:8f:60:46  UHLW      1     126  vlan0    1102
127.0.0.1          127.0.0.1          UH        0       0  lo0
192.168.11/30      link#16            UC        0       0  vlan10
192.168.11.1       00:50:56:b0:55:f1  UHLW      2     342  vlan10    605
192.168.50.192/27  link#2             UC        0       0  em1
192.168.200        link#9             UC        0       0  vlan3
192.168.201        link#8             UC        0       0  vlan2
192.168.202        link#10            UC        0       0  vlan4
192.168.202.3      00:50:56:b0:6a:93  UHLW      1  120736  vlan4     753
192.168.202.4      00:50:56:b0:6b:9f  UHLW      1   32366  vlan4    1076
192.168.203        link#11            UC        0       0  vlan5
192.168.203.3      00:50:56:b0:51:8d  UHLW      1   33801  vlan5     946
192.168.203.4      00:50:56:b0:7f:c8  UHLW      1   16057  vlan5    1050
192.168.204        link#12            UC        0       0  vlan6
192.168.230        link#13            UC        0       0  vlan7
192.168.230.10     00:50:56:b0:7f:68  UHLW      1    1219  vlan7     724
192.168.231        link#14            UC        0       0  vlan8
192.168.232        link#15            UC        0       0  vlan9
Basically you see that there is no VLAN 101 and no network
192.168.101.0/24 on em2 interface.
Which is strange as the network is there in the interfaces section:
Interfaces
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet6 fe80::250:56ff:feb0:4551%em0 prefixlen 64 scopeid 0x1
        ether 00:50:56:b0:45:51
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet6 fe80::250:56ff:feb0:5e0f%em1 prefixlen 64 scopeid 0x2
        inet 192.168.50.219 netmask 0xffffffe0 broadcast 192.168.50.223
        ether 00:50:56:b0:5e:0f
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet6 fe80::250:56ff:feb0:3f7a%em2 prefixlen 64 scopeid 0x3
        inet 192.168.101.1 netmask 0xffffff00 broadcast 192.168.101.255
        ether 00:50:56:b0:3f:7a
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
This would explain why the system can not see anything in the VLAN 101 from any other network /
interface.
Do you agree?
Cheers
Arne
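[Added example, not part of the original message or of m0n0wall: the comparison made by hand above (interface addresses against the routing table) done as a script over a shortened copy of the quoted status.php output. The function names are hypothetical, and it assumes that a destination printed without a mask carries the classful default mask.]

```python
import ipaddress
import re

# Constructed sample: shortened from the status.php excerpt quoted in this message.
NETSTAT = """\
Destination        Gateway            Flags  Refs     Use  Netif  Expire
default            192.168.11.1       UGS       0  196087  vlan10
10.1.1/24          link#6             UC        0       0  vlan0
192.168.50.192/27  link#2             UC        0       0  em1
192.168.230        link#13            UC        0       0  vlan7
192.168.230.10     00:50:56:b0:7f:68  UHLW      1    1219  vlan7     724
"""
IFCONFIG = """\
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.50.219 netmask 0xffffffe0 broadcast 192.168.50.223
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.101.1 netmask 0xffffff00 broadcast 192.168.101.255
"""

def parse_destination(dest):
    """Expand a BSD netstat destination such as '192.168.230' or '10.1.1/24'."""
    addr, _, prefix = dest.partition("/")
    octets = addr.split(".")
    if not prefix:
        # Assumption: with no mask shown, netstat means the classful default.
        first = int(octets[0])
        prefix = "8" if first < 128 else "16" if first < 192 else "24"
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + prefix, strict=False)

def connected_routes(netstat_text):
    """Map each network route to its Netif, skipping default and host (H) routes."""
    routes = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] in ("Destination", "default") or "H" in fields[2]:
            continue
        routes[parse_destination(fields[0])] = fields[5]
    return routes

def configured_networks(ifconfig_text):
    """Yield (interface, network) for every IPv4 address in ifconfig output."""
    iface = None
    for line in ifconfig_text.splitlines():
        head = re.match(r"^(\S+): flags=", line)
        if head:
            iface = head.group(1)
            continue
        inet = re.match(r"^\s*inet (\S+) netmask 0x([0-9a-fA-F]{8})", line)
        if inet and iface:
            mask = str(ipaddress.ip_address(int(inet.group(2), 16)))
            yield iface, ipaddress.ip_network(f"{inet.group(1)}/{mask}", strict=False)

def missing_connected_routes(ifconfig_text, netstat_text):
    """Return interfaces whose configured IPv4 network has no route via them."""
    routes = connected_routes(netstat_text)
    return [(iface, str(net)) for iface, net in configured_networks(ifconfig_text)
            if routes.get(net) != iface]

if __name__ == "__main__":
    for iface, net in missing_connected_routes(IFCONFIG, NETSTAT):
        print(f"{iface}: {net} is configured but has no connected route")
```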
-----Original Message-----
From: Jewell, Michael [mailto:mjewell at law dot umaryland dot edu]
Sent: 11 October 2010 17:42
To: Brieseneck, Arne, VF-Group; m0n0wall at lists dot m0n0 dot ch
Subject: RE: Routing problem
Going by your initial email with sparse information... I never said you couldn't put more
restrictive rules in later, but initial diagnostics of what's wrong is much simpler with "any any"
rules. You did say you had "any any" rules, but you never stated a protocol or interface they were
assigned to.
> The rule set is ANY-ANY so far and I see the traffic passing the firewall.
If you don't want help or want to give unhelpful responses, then don't post to the listserv. Most
people who are unfamiliar with firewall rules do not know that pings are ICMP and not TCP/UDP or
TCPIP and require their own specific rules. It's not a routing limitation of m0n0wall.
-Mike
-----Original Message-----
From: Brieseneck, Arne, VF-Group [mailto:Arne dot Brieseneck at vodafone dot com]
Sent: Monday, October 11, 2010 1:56 AM
To: Jewell, Michael; m0n0wall at lists dot m0n0 dot ch
Subject: RE: Routing problem
Standard IP any any. So it is not worth to call it a firewall...
-----Original Message-----
From: Jewell, Michael [mailto:mjewell at law dot umaryland dot edu]
Sent: 08 October 2010 20:10
To: Brieseneck, Arne, VF-Group
Subject: RE: Routing problem
Do you have an ICMP any any rule? Or just the standard IP any any?
-Mike
-----Original Message-----
From: Brieseneck, Arne, VF-Group [mailto:Arne dot Brieseneck at vodafone dot com]
Sent: Friday, October 08, 2010 11:09 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Routing problem
Hi all,
I have a strange problem and I don't know a solution.
The situation is like this:
I have a monowall running with a LAN, a WAN and several OPT interfaces.
The monowall itself has 3 physical interfaces.
1 -> WAN
2 -> LAN
3 -> NAS
The OPT interfaces are all on VLANs except the NAS, which is physical; LAN and WAN are on physical
interfaces as well but are VLAN tagged.
When I am on the GUI of monowall I can ping every host in the NAS network without any problem from
the NAS interface.
But when I try that from any other interface it does not work. The rule set is ANY-ANY so far and I
see the traffic passing the firewall.
On the other side I have a storage system. Default GW is the IP of the NAS interface of the wall.
That is working fine. I can ping the wall and I can access other systems on other OPT networks
without a problem. But from the OPT networks towards any server in the NAS network is not possible.
But you can reach the IP of the NAS interface of course.
I wonder if there is a routing limitation in monowall...
Any help is highly appreciated.
Cheers
Arne