[ previous ] [ next ] [ threads ]
 
 From:  Lyle Giese <lyle at lcrcomputer dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: WG: [m0n0wall] Would like to route Secondary IPs on LAN | Zwei Secondary IPs neben dem Hauptnetz
 Date:  Fri, 11 Apr 2014 12:05:26 -0500
I have created firewalls before m0n0wall and now using m0n0wall doing 
this sort of thing.  If I understand correctly you have three subnets 
involved.

Subnet 1  - local subnet that you are on.
Subnet 2 - local subnet that you are not on, but want to access directly 
and avoiding going out to the internet and back to get there.
Subnet 3 - Wan subnet/interface on m0n0wall

Long time ago, I learned that the easiest way to make this work is to 
have three ethernet interfaces in your firewall/router.  Put a static 
route( and proper firewall rules) to route traffic from Subnet 1's 
ethernet interface to Subnet 2's ethernet interface.

If I am mis-understanding(it's entirely possibly), you need to clarify 
what you are doing or wanting to accomplish.

Lyle Giese
LCR Computer Services, Inc.

On 04/11/14 08:13, Dennis dot Riemenschneider at ruhr dash uni dash bochum dot de wrote:
>
> Dear Joschka.
>
>
>
> Now it is :
>
>
>
>
>
> http://s7.directupload.net/images/140411/ti5jz69x.jpg
>
>
>
> But it ist he same : Ill get now answere from the pinged client
>
>
>
> Best wishes
>
>
>
> Dennis
>
>
>
>
>
>
>

> Von: Joschka Blohm [mailto:admin at zpt dash muenster dot de]
> Gesendet: Freitag, 11. April 2014 14:58
> An: m0n0wall at lists dot m0n0 dot ch<mailto:m0n0wall at lists dot m0n0 dot ch>
> Betreff: Re: [m0n0wall] Would like to route Secondary IPs on LAN | Zwei Secondary IPs neben dem
Hauptnetz
>
>
>
> Dear Dennis,
>
>
>
> have a firm look on your destination and source networks.
>
> As far as what you have said you have set the route to 10.147.211.0/24 correctly, but you have to
define this rule the other way round, so that the clients from 10.147.211.0/24 can access your LAN
network.
>
>
>
>        +---------+---------------+------+----------------+------+
>
>        |  Proto  | Source        | Port | Destination    | Port |
>
>        |---------|---------------|------|----------------|------|
>
>        |    *    |    LAN net    |  *   |10.147.211.0/24 |   *  |
>
>        |         |               |      |                |      |
>
> --->  |    *    |10.147.211.0/24|  *   |     LAN net    |   *  |
>
>        +---------+---------------+------+----------------+------+
>
>
>
> HTH
>
>
>
> Regards,
>
>
>
> Joschka
>
>
>
> Am 11.04.2014 14:04, schrieb
Dennis dot Riemenschneider at ruhr dash uni dash bochum dot de<mailto:Dennis dot Riemenschneider at ruhr dash uni dash bochum dot de>:
>
>> Dear Joscka.
>> What i have done :
>> On my LAN Interface i insert the secondary Network 10.147.211.0/24 In
>> den LAN Rules I set an any->any rule to this network ( or have I set it in the wan section ?
>> Best wishes
>> Dennis

>> Von: Joschka Blohm [mailto:admin at zpt dash muenster dot de]
>> Gesendet: Freitag, 11. April 2014 13:27
>> An: m0n0wall at lists dot m0n0 dot ch<mailto:m0n0wall at lists dot m0n0 dot ch>
>> Betreff: Re: [m0n0wall] Would like to route Secondary IPs on LAN |
>> Zwei Secondary IPs neben dem Hauptnetz
>> Dear Dennis,
>> have you set the right firewall rules to allow the traffic from the XP network to the normal
network?
>> As default there is only one rule to allow routing from the LAN net to any other network.
>> Maybe you may wish to clarify what you have done so far (e.g. firewall rules).
>> Unfortunately I do not have a working setup with secondary IPs for testing.
>> Regards
>> Joschka
>> Am 11.04.2014 10:35, schrieb
Dennis dot Riemenschneider at ruhr dash uni dash bochum dot de<mailto:Dennis dot Riemenschneider at ruhr dash uni dash bochum dot de>:
>>> Dear all.
>>> I would like to route 1 IP Range (10.147.211.0/24 ) next to my normal network. So i put it into
the Secondary IPs of my LAN interface. But if i would like to connect from this (10.147.211.0/24 )
to my normal network i get now connection. The connection from my normal network to the
(10.147.211.0/24 )  is okay. I can ping anything and use remote connections for example.
>>> Any help ?
>>> Best wishes
>>> ----------------------------------------------------------------
>>> Hallo zusammen.


aus dem normalen Netz erreicht werden.

etwas. ich habe diese unter Secondary IPs eingetragen aber bekomme noch immer keine Verbindung.
>>> Kann mir jemand helfen ?
>>> LG
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
m0n0wall dash unsubscribe at lists dot m0n0 dot ch<mailto:m0n0wall dash unsubscribe at lists dot m0n0 dot ch>
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch<mailto:m0n0wall dash help at lists dot m0n0 dot ch>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
m0n0wall dash unsubscribe at lists dot m0n0 dot ch<mailto:m0n0wall dash unsubscribe at lists dot m0n0 dot ch>
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch<mailto:m0n0wall dash help at lists dot m0n0 dot ch>
>
>
> --
>


erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das
unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail sind nicht gestattet.
>
>
>
> This e-mail and any attachments may contain confidential and/or privileged information. If you are
not the intended recipient (or have received this e-mail in error) please notify the sender
immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the
material in this e-mail is strictly forbidden.
>
>
>
> ---------------------------------------------------------------------
>
> To unsubscribe, e-mail:
m0n0wall dash unsubscribe at lists dot m0n0 dot ch<mailto:m0n0wall dash unsubscribe at lists dot m0n0 dot ch>
>
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch<mailto:m0n0wall dash help at lists dot m0n0 dot ch>
>
>
>