On Sun, 23 May 2004, Julien wrote:

> Julien wrote:
>
> > Fred Wright wrote:
> >
> >> On Sun, 23 May 2004, Julien wrote:
> >>
> >>> I have a problem with PPTP. First of all let me introduce my
> >>> settings: my m0n0wall is at the moment only used as an access point,
> >>> so I built in one wireless NIC (defined as WAN) for the (host) AP
> >>> and one Ethernet NIC for the connection. The LAN side is connected
> >>> to the integrated switch of a DSL router, together with some
> >>> stationary clients. What I'm trying to realize is that mobile users
> >>> can dial in via WLAN, authenticate via PPTP, use LAN resources and
> >>> access the Internet via the DSL router. At the moment I'm so far
> >>> that the mobile clients can access the LAN but NOT the Internet,
> >>> so it must be some kind of routing problem. I tried to set up a
> >>> default route for the PPTP interface to the Internet with the
> >>> destination network 0.0.0.0/32 (I'm not sure about the netmask to
> >>> use here?!?!) and the router's LAN interface as gateway. So, has
> >>> anybody an idea how to solve this? Thanks a lot ;-)
> >>
> >> Well, 0.0.0.0/32 only matches packets directed precisely to 0.0.0.0,
> >> so it's pretty useless. :-)
> >>
> >> There's no "clean" way to set this up, since m0n0wall doesn't allow
> >> for the possibility of having an external default gateway on the
> >> LAN. Swapping LAN and WAN designations would fix this, but would have
> >> other problems.
> >>
> >> The only way I know of to do this is to manually edit the config.xml
> >> file to include the line
> >>
> >>   <shellcmd>route add default w.x.y.z</shellcmd>
> >>
> >> in the "system" section, where "w.x.y.z" should be the LAN IP of the
> >> DSL router. I recommend putting it between the "timezone" and
> >> "timeservers" entries.
> >>
> >> Use the m0n0wall ping feature to verify that you can access the
> >> Internet from the m0n0wall itself, though note that if you want to
> >> use symbolic hostnames you'll need at least one correct DNS IP in the
> >> m0n0wall config.
> >>
> >> Outbound traffic from PPTP clients should then work as long as they
> >> see the m0n0wall as the default gateway, but routing the return
> >> traffic needs the DSL router to see the m0n0wall as the gateway to
> >> those machines, which can be done in one of three ways.
> >>
> >> 1) Use NAT to map the PPTP clients to a LAN IP. Unfortunately, this
> >> would be "backwards NAT" in the current LAN/WAN setup, and I don't
> >> think it's possible.
> >>
> >> 2) Put the PPTP clients in a different subnet and add a static route
> >> entry to the DSL router to make that subnet reachable via the
> >> m0n0wall. The latter may or may not be possible, depending on the
> >> router.
> >>
> >> 3) Put the PPTP clients on LAN IPs and have the m0n0wall do Proxy ARP
> >> for them. Its current Proxy ARP support isn't really set up for that
> >> case, though (and Proxy ARP should always be a last resort, anyway).
> >>
> >> Swapping LAN and WAN designations would allow #1, but would create a
> >> host of other problems. Replacing the DSL router with another
> >> m0n0wall would allow #2.
> >>
> > Thanks for the fast response ;-) but I'm really new to m0n0wall, so
> > how do I get shell access (boot parameter?) or remote access to edit
> > the config.xml file?

Download it, edit it, upload it. But I guess you figured that out.

> I figured this one out for myself *g*, made the entry for the default
> gateway and tried 2 and 3, but it didn't work :-(

I presume you were able to access the Internet from the m0n0wall itself
(e.g. via ping) after making the routing entry (and rebooting).

When you say "tried" 2 and 3, do you mean "tried" or "investigated"?

If your DSL router allows you to make the routing entry, and you choose
the IP addresses appropriately, then I'd expect #2 to work. I don't
think you can do #3 via the m0n0wall GUI, although you might be able to
make it work via some "arp" commands as "shellcmd" entries.

Fred Wright
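The config.xml edit Fred describes (a <shellcmd> default route placed between the "timezone" and "timeservers" entries of the "system" section) and his remark about 0.0.0.0/32 are easy to get wrong by hand, so here is an added example that is not part of the thread or of m0n0wall itself: a small Python script that inserts the shellcmd entry, refuses to add it twice, checks that the gateway actually lies on the m0n0wall's LAN subnet (a route via an off-link gateway is silently useless), and shows why a destination of 0.0.0.0/32 matches nothing useful while 0.0.0.0/0 is the real default route. The sample config.xml is constructed here; the element layout (<m0n0wall><system>...</system><interfaces><lan>...</lan></interfaces></m0n0wall>) is an assumption for the sake of the example, so compare it against a config.xml downloaded from your own box before running it.

```python
"""Insert a 'route add default' <shellcmd> into a m0n0wall config.xml.

Added example, not m0n0wall code. The element layout below is assumed;
check it against a real downloaded config.xml before use.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample config (not from a real box). The LAN interface is
# 192.168.1.2/24 and the DSL router we want as default gateway is 192.168.1.1.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<m0n0wall version="1.3">
  <system>
    <hostname>m0n0wall</hostname>
    <domain>local</domain>
    <dnsserver>192.168.1.1</dnsserver>
    <timezone>Europe/Berlin</timezone>
    <timeservers>pool.ntp.org</timeservers>
  </system>
  <interfaces>
    <lan>
      <if>sis0</if>
      <ipaddr>192.168.1.2</ipaddr>
      <subnet>24</subnet>
    </lan>
  </interfaces>
</m0n0wall>
"""


def route_matches(destination_prefix: str, packet_dst: str) -> bool:
    """True if a route with this destination prefix would match a packet
    sent to packet_dst. 0.0.0.0/32 covers exactly one address; 0.0.0.0/0
    covers everything, which is what 'default' means."""
    net = ipaddress.ip_network(destination_prefix, strict=False)
    return ipaddress.ip_address(packet_dst) in net


def gateway_on_lan(root: ET.Element, gateway: str) -> bool:
    """A next hop must be directly reachable on the LAN segment, so check the
    gateway against the LAN <ipaddr>/<subnet> pair before writing the route."""
    lan = root.find("interfaces/lan")
    lan_net = ipaddress.ip_network(
        f"{lan.findtext('ipaddr')}/{lan.findtext('subnet')}", strict=False
    )
    return ipaddress.ip_address(gateway) in lan_net


def add_default_route(xml_text: str, gateway: str) -> str:
    """Return the config with <shellcmd>route add default GW</shellcmd>
    inserted right after <timezone> in <system>. Raises ValueError if the
    gateway is not on the LAN or a default-route shellcmd already exists."""
    root = ET.fromstring(xml_text)
    if not gateway_on_lan(root, gateway):
        raise ValueError(f"gateway {gateway} is not on the LAN subnet")

    system = root.find("system")
    for cmd in system.findall("shellcmd"):
        if (cmd.text or "").strip().startswith("route add default"):
            raise ValueError("config already contains a default-route shellcmd")

    children = list(system)
    tz_index = next(i for i, c in enumerate(children) if c.tag == "timezone")
    cmd = ET.Element("shellcmd")
    cmd.text = f"route add default {gateway}"
    cmd.tail = children[tz_index].tail  # keep the indentation of the neighbours
    system.insert(tz_index + 1, cmd)
    return ET.tostring(root, encoding="unicode")


def shellcmds(xml_text: str) -> list:
    """All <shellcmd> bodies in the <system> section, in document order."""
    root = ET.fromstring(xml_text)
    return [c.text for c in root.find("system").findall("shellcmd")]


def system_child_tags(xml_text: str) -> list:
    """Tag names of <system>'s children, to verify placement of the insert."""
    return [c.tag for c in ET.fromstring(xml_text).find("system")]


if __name__ == "__main__":
    print("0.0.0.0/32 matches 8.8.8.8?", route_matches("0.0.0.0/32", "8.8.8.8"))
    print("0.0.0.0/0  matches 8.8.8.8?", route_matches("0.0.0.0/0", "8.8.8.8"))
    print(add_default_route(SAMPLE_CONFIG, "192.168.1.1"))
```

Run it against a downloaded config.xml by reading the file into `add_default_route`, write the result back and upload it, then use the m0n0wall ping page as Fred suggests to confirm the box itself reaches the Internet before worrying about the PPTP clients' return path.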