[ previous ] [ next ] [ threads ]
 
 From:  <Dennis dot Riemenschneider at ruhr dash uni dash bochum dot de>
 To:  <admin at zpt dash muenster dot de>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: AW: [m0n0wall] Would like to route Secondary IPs on LAN | Zwei Secondary IPs neben dem Hauptnetz
 Date:  Sat, 12 Apr 2014 08:06:53 +0000
Thank you.

I insert a 3th nic and call it messnetzwerk. So which rules i have to Set Now ?i tried somethinng
but it Dosent work.

Best wishes from Germany 

Dennis 



> Am 12.04.2014 um 09:57 schrieb "Joschka Blohm" <admin at zpt dash muenster dot de>:
> 
> ?For what I have found it is not possible, because m0n0wall does spoof-checking and blocks the
traffic.
> Have a look here: ?http://m0n0.ch/wall/list/showmsg.php?id=20/88
> ?
> I go along with Lyle's suggestion to use an additional NIC.
> 
> Regards
> 
>   Originalnachricht  
> Von: Lyle Giese
> Gesendet: Freitag, 11. April 2014 19:05
> An: m0n0wall at lists dot m0n0 dot ch
> Betreff: Re: WG: [m0n0wall] Would like to route Secondary IPs on LAN | Zwei Secondary IPs neben
dem Hauptnetz
> 
> I have created firewalls before m0n0wall and now using m0n0wall doing 
> this sort of thing. If I understand correctly you have three subnets 
> involved.
> 
> Subnet 1 - local subnet that you are on.
> Subnet 2 - local subnet that you are not on, but want to access directly 
> and avoiding going out to the internet and back to get there.
> Subnet 3 - Wan subnet/interface on m0n0wall
> 
> Long time ago, I learned that the easiest way to make this work is to 
> have three ethernet interfaces in your firewall/router. Put a static 
> route( and proper firewall rules) to route traffic from Subnet 1's 
> ethernet interface to Subnet 2's ethernet interface.
> 
> If I am mis-understanding(it's entirely possibly), you need to clarify 
> what you are doing or wanting to accomplish.
> 
> Lyle Giese
> LCR Computer Services, Inc.
> 
>> On 04/11/14 08:13, Dennis dot Riemenschneider at ruhr dash uni dash bochum dot de wrote:
>> 
>> Dear Joschka.
>> 
>> 
>> 
>> Now it is :
>> 
>> 
>> 
>> 
>> 
>> http://s7.directupload.net/images/140411/ti5jz69x.jpg
>> 
>> 
>> 
>> But it ist he same : Ill get now answere from the pinged client
>> 
>> 
>> 
>> Best wishes
>> 
>> 
>> 
>> Dennis
>> 
>> 
>> 
>> 
>> 
>> 
>> 

>> Von: Joschka Blohm [mailto:admin at zpt dash muenster dot de]
>> Gesendet: Freitag, 11. April 2014 14:58
>> An: m0n0wall at lists dot m0n0 dot ch<mailto:m0n0wall at lists dot m0n0 dot ch>
>> Betreff: Re: [m0n0wall] Would like to route Secondary IPs on LAN | Zwei Secondary IPs neben dem
Hauptnetz
>> 
>> 
>> 
>> Dear Dennis,
>> 
>> 
>> 
>> have a firm look on your destination and source networks.
>> 
>> As far as what you have said you have set the route to 10.147.211.0/24 correctly, but you have to
define this rule the other way round, so that the clients from 10.147.211.0/24 can access your LAN
network.
>> 
>> 
>> 
>> +---------+---------------+------+----------------+------+
>> 
>> | Proto | Source | Port | Destination | Port |
>> 
>> |---------|---------------|------|----------------|------|
>> 
>> | * | LAN net | * |10.147.211.0/24 | * |
>> 
>> | | | | | |
>> 
>> ---> | * |10.147.211.0/24| * | LAN net | * |
>> 
>> +---------+---------------+------+----------------+------+
>> 
>> 
>> 
>> HTH
>> 
>> 
>> 
>> Regards,
>> 
>> 
>> 
>> Joschka
>> 
>> 
>> 
>> Am 11.04.2014 14:04, schrieb
Dennis dot Riemenschneider at ruhr dash uni dash bochum dot de<mailto:Dennis dot Riemenschneider at ruhr dash uni dash bochum dot de>:
>> 
>>> Dear Joscka.
>>> What i have done :
>>> On my LAN Interface i insert the secondary Network 10.147.211.0/24 In
>>> den LAN Rules I set an any->any rule to this network ( or have I set it in the wan section ?
>>> Best wishes
>>> Dennis

>>> Von: Joschka Blohm [mailto:admin at zpt dash muenster dot de]
>>> Gesendet: Freitag, 11. April 2014 13:27
>>> An: m0n0wall at lists dot m0n0 dot ch<mailto:m0n0wall at lists dot m0n0 dot ch>
>>> Betreff: Re: [m0n0wall] Would like to route Secondary IPs on LAN |
>>> Zwei Secondary IPs neben dem Hauptnetz
>>> Dear Dennis,
>>> have you set the right firewall rules to allow the traffic from the XP network to the normal
network?
>>> As default there is only one rule to allow routing from the LAN net to any other network.
>>> Maybe you may wish to clarify what you have done so far (e.g. firewall rules).
>>> Unfortunately I do not have a working setup with secondary IPs for testing.
>>> Regards
>>> Joschka
>>> Am 11.04.2014 10:35, schrieb
Dennis dot Riemenschneider at ruhr dash uni dash bochum dot de<mailto:Dennis dot Riemenschneider at ruhr dash uni dash bochum dot de>:
>>>> Dear all.
>>>> I would like to route 1 IP Range (10.147.211.0/24 ) next to my normal network. So i put it into
the Secondary IPs of my LAN interface. But if i would like to connect from this (10.147.211.0/24 )
to my normal network i get now connection. The connection from my normal network to the
(10.147.211.0/24 ) is okay. I can ping anything and use remote connections for example.
>>>> Any help ?
>>>> Best wishes
>>>> ----------------------------------------------------------------
>>>> Hallo zusammen.


aus dem normalen Netz erreicht werden.

etwas. ich habe diese unter Secondary IPs eingetragen aber bekomme noch immer keine Verbindung.
>>>> Kann mir jemand helfen ?
>>>> LG
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail:
m0n0wall dash unsubscribe at lists dot m0n0 dot ch<mailto:m0n0wall dash unsubscribe at lists dot m0n0 dot ch>
>>> For additional commands, e-mail:
m0n0wall dash help at lists dot m0n0 dot ch<mailto:m0n0wall dash help at lists dot m0n0 dot ch>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail:
m0n0wall dash unsubscribe at lists dot m0n0 dot ch<mailto:m0n0wall dash unsubscribe at lists dot m0n0 dot ch>
>>> For additional commands, e-mail:
m0n0wall dash help at lists dot m0n0 dot ch<mailto:m0n0wall dash help at lists dot m0n0 dot ch>
>> 
>> 
>> --
>> 


erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das
unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail sind nicht gestattet.
>> 
>> 
>> 
>> This e-mail and any attachments may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error) please notify the sender
immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the
material in this e-mail is strictly forbidden.
>> 
>> 
>> 
>> ---------------------------------------------------------------------
>> 
>> To unsubscribe, e-mail:
m0n0wall dash unsubscribe at lists dot m0n0 dot ch<mailto:m0n0wall dash unsubscribe at lists dot m0n0 dot ch>
>> 
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch<mailto:m0n0wall dash help at lists dot m0n0 dot ch>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>