Hi, thanks for your answer...
> If I get it right m0n0wall is supposed to pass all Net1 traffic destined
> for Net2 - and redirect all other traffic to Router X?
Yes, exactly... and m0n0wall is also the default gateway for Net1 wich is on the WAN Port.
> Just to make sure: network 1 and 2 are both private networks right?
> ...and traffic from Net1 to Net2 (and vice versa) is passed OK, or what?
> Otherwise I would think that it's the standard anti-spoofing rule that
> blocks RFC1914 addresses on WAN (disable it on WAN)
No, network 1 and 2 are both with official Internet IP's (NAT is disabled), but they are
only reachable from the Big Company Network! The only Private Network is our DMZ
and some IP ranges in the Big Company Network! ...and yes, traffic from Net1 to Net2 (
and vice versa) is passed OK.
> Could you take a look in the firewall log and see which rule is blocking
> the traffic?
> Posting a log with spoofed IP-addresses would probably be helpful, if
> you're unsure about reading it yourself.
Yes, i go and install it again! But i can do this only in the evening, then i send the logs.
From: Andreas Gracco [mailto:A dot Gr at ims dot ch]
Sent: 6. maj 2004 14:10
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] routing / icmp redirect
Can somebody plz help me to solve this problem?
I have 2 Networks and 1 Internet Connection and 1 WAN connection to a
big company's network!
I want to replace our cisco router with m0n0wall. The cisco works fine
but it is to slow (WAN only 10Mbit/s), not easy to configure, not
extendable and toooooo vulnerable!
Big Company Network
Router X (I can't configure this)
Our Network 1
| WAN |
| LAN |
Our Network 2
The Hosts in our Network 1 have configured m0n0wall as their default
On the m0n0wall i have Router X as default gateway on WAN and some
static routes for DMZ/VPNs and so on.
m0n0wall doesn't redirect tcp/udp connections incomming on the WAN
interface to the responsible router!
For example, if a host from "our network 1" wants to connect with telnet
to a host in the "Big Company Network" m0n0wall blocks the connection
instead of redirecting it to "Router X"! Ping's are redirected but
tcp/udp connections are blocked!
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch