On 05.01.2011, at 17:34, Charles Hargrove wrote:

> I have a remote site that I link to that is a gateway for the 44/8
> network. Members of this network are using IPIP encap to route their
> packets to/from their home stations. I have set up a NAT and IPv4 rule to
> allow all packets from the gateway address and the 44/8 network. I did
> this because I did not see IP encap (or any possible flavor of it) in the
> protocol list for either NAT or firewall rules. Does anybody have an idea
> why this is not working?

I assume you're referring to IP encapsulation according to RFC 2003 (with IP protocol number 4 in the outer IP header). m0n0wall does not support this kind of tunnel (nor GRE tunnels, for that matter) - only IPsec with IKE. If you intend to use a separate device/router behind your m0n0wall to decapsulate the IP-encap packets, you need a 1:1 NAT rule and a separate public WAN IP address to terminate the tunnel, as m0n0wall does not allow for "inbound NAT" rules on arbitrary (i.e. non-TCP/UDP) IP protocols.

> Also, I am not getting RIP broadcasts from the
> gateway address on my port 520. Thanks in advance.

m0n0wall does not support any dynamic routing protocols, but I assume this would be run inside the tunnel (with a RIP daemon running on the device that terminates the IP-encap tunnel on your end), in which case it should work once you have the 1:1 NAT properly set up.

- Manuel
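
Added example, not part of the original message and not m0n0wall code: a small Python parser showing why a port-520 rule never matches RFC 2003 traffic. The outer header carries IP protocol 4 and has no ports; the UDP/520 RIP datagram only appears after decapsulation. All addresses except the 44/8 prefix are constructed placeholders, and the function names are hypothetical.

```python
import socket
import struct

NAMES = {4: "IPIP", 6: "TCP", 17: "UDP", 47: "GRE"}

def parse_ipv4(pkt):
    """Return (protocol, src, dst, payload) of a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    return pkt[9], socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[ihl:]

def classify(pkt):
    """Show what a firewall whose inbound NAT handles only TCP/UDP sees."""
    proto, src, dst, payload = parse_ipv4(pkt)
    info = {"outer_proto": NAMES.get(proto, str(proto)), "outer_src": src,
            "outer_dst": dst, "port_forwardable": proto in (6, 17)}
    if proto == 4:                      # RFC 2003: payload is a complete inner IPv4 packet
        iproto, isrc, idst, ipayload = parse_ipv4(payload)
        info.update(inner_proto=NAMES.get(iproto, str(iproto)),
                    inner_src=isrc, inner_dst=idst)
        if iproto in (6, 17) and len(ipayload) >= 4:
            info["inner_dport"] = struct.unpack("!H", ipayload[2:4])[0]
    return info

def build_ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet for the constructed samples (checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed sample data: addresses are placeholders, not taken from the thread.
RIP_UDP = struct.pack("!HHHH", 520, 520, 12, 0) + b"\x02\x02\x00\x00"
INNER = build_ipv4(17, "44.0.0.1", "255.255.255.255", RIP_UDP)
IPIP_PACKET = build_ipv4(4, "192.0.2.1", "198.51.100.10", INNER)
PLAIN_UDP = build_ipv4(17, "192.0.2.1", "198.51.100.10", RIP_UDP)

if __name__ == "__main__":
    for name, pkt in (("IPIP", IPIP_PACKET), ("plain UDP", PLAIN_UDP)):
        print(name, classify(pkt))
```

For the IPIP sample the outer packet is reported as not port-forwardable, which is the case that needs the 1:1 NAT mapping described above; the RIP port is visible only in the inner header.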