Hi Michael!

Since I haven't toyed much with m0n0wall static routes I can't say for sure how well the implementation works. However, it would be rather interesting to have a look at the rule which is apparently blocking the traffic - rule 68, rule group 0 on the dc0 interface. Could you take a look at rule 68 in your <m0n0wall-IP>/status.php?

BTW: Andreas Gracco seemed to have a similar problem.

http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=52&actionargs[]=57

Unfortunately he never got back to me.

/Martin

-----Original Message-----
From: Michael Østergaard Pedersen [mailto:michael at bytopia dot dk]
Sent: 15. maj 2004 21:17
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Problem with static routes

Hi,

Thanks for the reply. I was considering the non-symmetric routes as a problem, but since TCP connections are identified by source, source port, destination and destination port I didn't think that it would be a problem as long as the other host received its packets. As far as I know the whole idea of the Internet is that the host doesn't care how the packets are routed to their destination. There seems to be some confusion about states since the m0n0wall is dropping packets that are clearly allowed in my firewall rules and my guess is that if these packets made it to their destination the destination would reply correctly.

A static route on all hosts on the LAN works fine, but the 172.16.0.0/16 was just an example. We have over 30 subnets on that MPLS connection and over 40 workstations on the LAN. Managing static routes is something that I would prefer to be without :)

Putting the router on a separate interface on the m0n0wall is something we will do in the future, but right now we just need something that works as it is.

Regards,
Michael