[ previous ] [ next ] [ threads ]
 
 From:  Anders Hagman <anders dot hagman at netplex dot se>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Was: how to reach modem on WAN port
 Date:  Thu, 20 Jan 2011 18:51:06 +0100
Hi

I have used a modem outside m0n0wall with http and syslog for some time.
The modem has the address 192.168.1.1 in my example.

1. First I have added a secondary address with a shell command into the 
xml file.

<system>
<shellcmd>ifconfig xl0 192.168.1.2/24 alias</shellcmd>

2. Turn on outbound advanced NAT and add a rule for normal traffic and 
traffic to the modem. Use the secondary address as the target address. 
This to make HTTP to the modem work.

WAN     172.16.2.0/24     ! 192.168.1.1/32     *             Normal LAN NAT
WAN     172.16.2.0/24     192.168.1.1/32     192.168.1.2     D-Link modem

3.1 Syslog needs four things. First add server NAT external address.

192.168.1.3 External address of the syslog server

3.2 Make an inbound NAT rule for syslog. 172.16.2.6 is the syslog 
address on the inside.

WAN     UDP     514     172.16.2.6             514     trap syslog
                         (ext.: 192.168.1.3)

3.3  Make a filter rule to accept the syslog traffic.

UDP     192.168.1.1     *     172.16.2.6     514     NAT syslog trap

3.4 Add a proxy arp entry to make the m0nwall answer arp requests on the 
address 192.168.1.3.

  WAN     192.168.1.3      NAT to syslog

4. Configure your modem to send syslog to 192.168.1.3

Good luck

Anders

On 2011-01-19 20:10, Egbert Jan van den Bussche wrote:
> TNX Jakob. The modem is in bridge mode indeed and PPP assigment works 
> but I would like to be able to use the web interface of the modem and 
> more important, the modem sends syslog messages which I want to 
> capture on miy server on the LAN. I seem to remember that I had this 
> working when I tested with OpenWRT, a long time ago. But I want to 
> stick to Monowall, though... I'm used to that and it serves me a well 
> for a few years already.
>
> EJ
>
>
> Op 19-1-2011 20:03, Jakob Schwienbacher schreef:
>> Hello Egbert,
>>
>> I'm not an expert. It's just a proposal/question. For which reason do
>> you need the IP 192.168.178.254 assigned on the WAN side? As far as i
>> know it should be enough to set the monowall's WAN interface to PPPoE.
>> The modem (I don't know this type/model) should be configured as modem
>> only (bridging) mode. In my opinion this should be enough.
>>
>> Do you have the possibility to check the PPPoE connection with e.g.
>> pppoe on Linux or Windows XP's WAN Miniport tool?
>>
>> Hth
>>
>> Regards,
>> Jakob
>>
>> On 19 January 2011 19:31, Egbert Jan van den Bussche
>> <egbert at vandenbussche dot nl>  wrote:
>>> To continue my thread of Jan, 12:
>>>
>>> Well, this is with 1.33b1 on silent PC HW with embedded NIC (for 
>>> WAN) and
>>> dual INTEL card for LAN and OPT1.
>>>
>>> As explaned before I need to reach the modem om say, 192.168.178.1. 
>>> The WAN
>>> connection is PPPoE, what is translated to PPPoA by the modem (yes, 
>>> this
>>> modem is a Vigor120). So the address of WAN is PPP assigned.
>>>
>>> I tried adding a few lines in the<secondary>  block like this
>>> <secondaries>
>>> <secondary>
>>> <if>wan</if>
>>> <ipaddr>192.168.178.254</ipaddr>
>>> <prefix>24</prefix>
>>> <descr>test</descr>
>>> </secondary>
>>> </secondaries>
>>>
>>> I probably need a nat rule too to reach that network but don't know 
>>> how.
>>>
>>> But I begin to wonder if WAN can have a secondary address at all.
>>> I would expect to see it listed under "status interfaces". It isn't.
>>>
>>> Any remarks? Manuel? Can I have secondary IP address on WAN at all? 
>>> Also
>>> when WAN is on PPP mode?
>>>
>>> TIA! Egbert Jan (NL)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>