Since I haven't toyed much with m0n0wall static routes I can't say for sure how well the
However, it would be rather interesting to have a look at the rule which is apparently blocking the
traffic - rule 68, rule group 0 on dc0 interface.
Could you take at look at rule 68 in your <m0n0wall-IP>/status.php?
BTW: Andreas Gracco seemed to have a similar problem.
Unfortunately he never got back to me.
From: Michael Østergaard Pedersen [mailto:michael at bytopia dot dk]
Sent: 15. maj 2004 21:17
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Problem with static routes
Thanks for the reply. I was considering the non-symmetric routes as a
problem, but since TCP connections are identified by source, source port,
destination and destination port I didn't think that it would be a problem
as long as the other host received it's packets. As far as I know the whole
idea of the Internet is that the host doesn't care how the packets are
routed to their destination.
There seems to be some confusion about states since the m0n0wall are
dropping packets that are clearly allowed in my firewall rules and my guess
is that if these packets made it to their destination the destination would
A static route on all hosts on the LAN works fine, but the 172.16.0.0/16 was
just an example. We have over 30 subnets on that MPLS connection and over 40
workstations on the LAN. Managing static routes is something that I would
prefer to be without :)
Putting the router on a separate interface on the m0n0wall is something we
will do in the future, but right now we just need something that works as it is.