[ previous ] [ next ] [ threads ]
 
 From:  Christiaens Joachim <jchristi at oce dot be>
 To:  "'Fred Weston'" <fred dot weston at daytonawan dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Connection between two networks..
 Date:  Mon, 29 Mar 2004 18:38:49 +0200
> -----Original Message-----
> From: Fred Weston [mailto:fred dot weston at daytonawan dot com]
> Sent: maandag 29 maart 2004 18:33
> To: Christiaens Joachim

> Subject: Re: [m0n0wall] Connection between two networks..
> 
> 
> Christiaens Joachim wrote:
> 
> >>-----Original Message-----

> >>Sent: maandag 29 maart 2004 14:49
> >>To: m0n0wall at lists dot m0n0 dot ch
> >>Subject: RE: [m0n0wall] Connection between two networks..
> >>
> >>
> >>Hi.. 
> >>    
> >>
> >>>your subnet masks are too long, you should have set 10.1.1.0/8 and
> >>>10.2.1.0/8 for your 2 networks to ping each other
> >>>
> >>>or you could have chosen a B private class (eg: 172.16.1.0/16 and
> >>>172.16.2.0/16)
> >>>      
> >>>
> >>I don't think this is the problem, since I've got a static 
> >>route from the 10.1.1.0/24 net to the 10.2.1.0/24 net ..
> >>
> >>---
> >>Thanks,
> >>Kurt Inge
> >>
> >>    
> >>
> >
> >Subnetting if fine this way, only not done in classic 
> classes, which is
> >irrelevant at this moment.
> >
> >Static routes on hosts in BOTH networks (as a ping reply 
> needs to find its
> >way too) NEED to be put on the hosts, as your default 
> gateway for these
> >hosts is not the m0n0wall, which is the gateway to the other network.
> >
> >Try this:
> >
> >At the 10.1.1.12, set a route to 10.2.1.0/24 over gateway 10.1.1.200
> >
> >At the 10.2.1.x (some host on the 10.2.1.0/24 network), set 
> a route to
> >10.1.1.0/24 over gateway 10.2.1.200
> >
> >Try to ping 10.1.1.12 from 10.2.1.x and vice versa... it should work.
> >
> >On a sidenote:
> >You should be aware of the strange behaviour it will cause 
> if you would ever
> >add routes at you default gateways, with no static routes on 
> your hosts.
> >Since the gateway will be on the local subnet of the hosts 
> using these
> >gateways, you will get this: 
> >
> >ping from 10.1.1.12 to 10.2.1.34 (sent packets)
> >10.1.1.12(host-a) -->  10.1.1.1(gateway-a) --> 10.1.1.200(m0n0) -->
> >10.2.1.34(host-b)
> >
> >ping from 10.1.1.12 to 10.2.1.34 (replied packets)
> >10.2.1.34(host-b) -->  10.2.1.1(gateway-b) --> 10.2.1.200(m0n0) -->
> >10.2.1.12(host-a)
> >
> >as you can see, the packets follow different routes from and 
> to, which won't
> >work (statefull packetfilter, someone correct me if I'm wrong)...
> >
> >Some Windows OS'es will 'learn' that the next hop is on the 
> local subnet and
> >create a static route (non-persistent) automatically, which 
> makes it even
> >more complicated when looking for the cause of a problem in 
> this matter!
> >
> >Regards,
> >Joachim
> >
>
> I must have missed part of the network configuration description.  I 
> thought both networks used m0n0wall as their default gateway, 
> in which 
> case no static routes would be needed.  If the hosts on 
> either network 
> gateway to something else, then they would either need a 
> static route, 
> or the device they gateway to would need a static route to 
> the m0n0wall 
> (this would allow for easier administration).  Sorry about that.

Well, as I describe in the last part ('on a sidenote'), the 'add a route to
the gateways instead of the hosts' solution will not work either... I guess
you will have to re-read my reply too ;)

Regards,
Joachim


-----------------------------------------------
MISSION STATEMENT 
-----------------------------------------------

effectively by offering innovative print and document management products
and services for professional environments.

-----------------------------------------------
DISCLAIMER 
-----------------------------------------------
This e-mail message and any attachment are intended for the sole use of the
recipient(s) named above and may contain information which is confidential
and/or protected by intellectual property rights.
Any use of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any form) by
other persons than the designated recipient(s) is prohibited.

If you have received this e-mail in error, please notify the sender either
by telephone (0032-2-729.48.11) or by e-mail and delete the material from
any computer.
Oce-Belgium/Oce-Interservices is nor responsible for the correct and
complete transfer of the contents of the sent e-mail, neither for the
receipt on due time.  This e-mail message does not bring about a contractual
obligation for Oce-Belgium/Oce-Interservices.

Thank you for your cooperation.

For further information about Oce-Belgium/Oce-Interservices please see our
website at www.oce.be

-----------------------------------------------