On 05.01.2011, at 17:34, Charles Hargrove wrote:
> I have a remote site that I link to that is a gateway for the 44/8
> network. Members of this network are using IPIP encap to route their
> packets to/from their home stations. I have set up a NAT and IPv4 rule to
> allow all packets from the gateway address and the 44/8 network. I did
> this because I did not see IP encap (or any possible flavor of it) in the
> protocol list for either NAT or firewall rules. Does anybody have an idea
> why this is not working?
I assume you're referring to IP encapsulation according to RFC 2003 (with IP protocol number 4 in
the outer IP header). m0n0wall does not support this kind of tunnel (nor GRE tunnels, for that
matter) - only IPsec with IKE.
If you intend to use a separate device/router behind your m0n0wall to decapsulate the IP-encap
packets, you need a 1:1 NAT rule and a separate public WAN IP address to terminate the tunnel, as
m0n0wall does not allow for "inbound NAT" rules on arbitrary (i.e. non-TCP/UDP) IP protocols.
> Also, I am not getting RIP broadcasts from the
> gateway address on my port 520. Thanks in advance.
m0n0wall does not support any dynamic routing protocols, but I assume this would be run inside the
tunnel (with a RIP daemon running on the device that terminates the IP-encap tunnel on your end), in
which case it should work once you have the 1:1 NAT properly set up.
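To illustrate the reply above (an added example, not part of the original message): an RFC 2003 packet carries IP protocol number 4 in its outer header, which has no port fields for a TCP/UDP rule to match, and the RIP datagram on UDP 520 only appears once the inner packet is decapsulated. The addresses, the sample packet and the function names are constructed for this sketch.

```python
import socket
import struct

IPPROTO_IPIP = 4   # RFC 2003 IP-in-IP, the outer protocol number named in the reply
IPPROTO_UDP = 17

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0 for this demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(pkt):
    """Return (proto, src, dst, payload) for one IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total < ihl or len(pkt) < ihl:
        raise ValueError("bad header or total length")
    return (pkt[9], socket.inet_ntoa(pkt[12:16]),
            socket.inet_ntoa(pkt[16:20]), pkt[ihl:total])

def describe(pkt):
    """Split the view: what a firewall sees on the wire vs. what the tunnel endpoint sees."""
    proto, src, dst, payload = parse_ipv4(pkt)
    # Only TCP (6) and UDP (17) carry ports that a port-based NAT rule can match.
    outer = {"proto": proto, "src": src, "dst": dst, "has_ports": proto in (6, 17)}
    inner = None
    if proto == IPPROTO_IPIP:
        iproto, isrc, idst, ipayload = parse_ipv4(payload)
        inner = {"proto": iproto, "src": isrc, "dst": idst}
        if iproto == IPPROTO_UDP and len(ipayload) >= 8:
            inner["sport"], inner["dport"] = struct.unpack("!HH", ipayload[:4])
    return outer, inner

def sample_packet():
    """Constructed packet: RIP over UDP 520 between 44/8 hosts, wrapped in IP-in-IP."""
    rip = b"\x02\x02\x00\x00"  # RIPv2 response header, no route entries
    udp = struct.pack("!HHHH", 520, 520, 8 + len(rip), 0) + rip
    inner = ipv4_header("44.0.0.1", "44.0.0.2", IPPROTO_UDP, len(udp)) + udp
    # Outer addresses are documentation ranges standing in for gateway and WAN IP.
    return ipv4_header("192.0.2.1", "198.51.100.2", IPPROTO_IPIP, len(inner)) + inner

if __name__ == "__main__":
    print(describe(sample_packet()))
```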