[ previous ] [ next ] [ threads ]
 From:  Anders Hagman <anders dot hagman at netplex dot se>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Was: how to reach modem on WAN port
 Date:  Thu, 20 Jan 2011 18:51:06 +0100

I have used a modem outside m0n0wall with http and syslog for some time.
The modem has the address in my example.

1. First I have added a secondary address with a shell command into the 
xml file.

<shellcmd>ifconfig xl0 alias</shellcmd>

2. Turn on outbound advanced NAT and add a rule for normal traffic and 
traffic to the modem. Use the secondary address as the target address. 
This to make HTTP to the modem work.

WAN     !     *             Normal LAN NAT
WAN     D-Link modem

3.1 Syslog needs four things. First add server NAT external address. External address of the syslog server

3.2 Make an inbound NAT rule for syslog. is the syslog 
address on the inside.

WAN     UDP     514             514     trap syslog

3.3  Make a filter rule to accept the syslog traffic.

UDP     *     514     NAT syslog trap

3.4 Add a proxy arp entry to make the m0nwall answer arp requests on the 

  WAN      NAT to syslog

4. Configure your modem to send syslog to

Good luck


On 2011-01-19 20:10, Egbert Jan van den Bussche wrote:
> TNX Jakob. The modem is in bridge mode indeed and PPP assigment works 
> but I would like to be able to use the web interface of the modem and 
> more important, the modem sends syslog messages which I want to 
> capture on miy server on the LAN. I seem to remember that I had this 
> working when I tested with OpenWRT, a long time ago. But I want to 
> stick to Monowall, though... I'm used to that and it serves me a well 
> for a few years already.
> EJ
> Op 19-1-2011 20:03, Jakob Schwienbacher schreef:
>> Hello Egbert,
>> I'm not an expert. It's just a proposal/question. For which reason do
>> you need the IP assigned on the WAN side? As far as i
>> know it should be enough to set the monowall's WAN interface to PPPoE.
>> The modem (I don't know this type/model) should be configured as modem
>> only (bridging) mode. In my opinion this should be enough.
>> Do you have the possibility to check the PPPoE connection with e.g.
>> pppoe on Linux or Windows XP's WAN Miniport tool?
>> Hth
>> Regards,
>> Jakob
>> On 19 January 2011 19:31, Egbert Jan van den Bussche
>> <egbert at vandenbussche dot nl>  wrote:
>>> To continue my thread of Jan, 12:
>>> Well, this is with 1.33b1 on silent PC HW with embedded NIC (for 
>>> WAN) and
>>> dual INTEL card for LAN and OPT1.
>>> As explaned before I need to reach the modem om say, 
>>> The WAN
>>> connection is PPPoE, what is translated to PPPoA by the modem (yes, 
>>> this
>>> modem is a Vigor120). So the address of WAN is PPP assigned.
>>> I tried adding a few lines in the<secondary>  block like this
>>> <secondaries>
>>> <secondary>
>>> <if>wan</if>
>>> <ipaddr></ipaddr>
>>> <prefix>24</prefix>
>>> <descr>test</descr>
>>> </secondary>
>>> </secondaries>
>>> I probably need a nat rule too to reach that network but don't know 
>>> how.
>>> But I begin to wonder if WAN can have a secondary address at all.
>>> I would expect to see it listed under "status interfaces". It isn't.
>>> Any remarks? Manuel? Can I have secondary IP address on WAN at all? 
>>> Also
>>> when WAN is on PPP mode?
>>> TIA! Egbert Jan (NL)
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch