On Sun, 23 May 2004, Julien wrote:
> Julien wrote:
> > Fred Wright wrote:
> >> On Sun, 23 May 2004, Julien wrote:
> >>> I have a problem with PPTP. First of all, let me introduce my
> >>> settings: My M0n0wall is at the moment only used as Access Point, so
> >>> I built in one Wireless NIC (defined as WAN) for the (Host)AP and one
> >>> Ethernet NIC for the connection. The LAN side is connected to the
> >>> integrated switch of a DSL router, together with some
> >>> stationary clients. What I'm trying to realize is that mobile users
> >>> can dial in via WLAN, authenticate via PPTP, use LAN resources and
> >>> access the Internet via the DSL router. At the moment I'm so far
> >>> that the mobile clients can access the LAN but NOT the Internet,
> >>> so it must be some kind of routing problem. I tried to set up a
> >>> default route for the PPTP interface to the Internet with the
> >>> destination network 0.0.0.0/32 (I'm not sure about the netmask to
> >>> use here?!?!) and the router's LAN interface as gateway. So, does
> >>> anybody have an idea how to solve this? Thanks a lot ;-)
> >> Well, 0.0.0.0/32 only matches packets directed precisely to 0.0.0.0, so
> >> it's pretty useless. :-)
> >> There's no "clean" way to set this up, since m0n0wall doesn't allow for
> >> the possibility of having an external default gateway on the
> >> LAN. Swapping LAN and WAN designations would fix this, but would have
> >> other problems.
> >> The only way I know of to do this is to manually edit the config.xml
> >> file to include the line
> >> <shellcmd>route add default w.x.y.z</shellcmd>
> >> in the "system" section, where "w.x.y.z" should be the LAN IP of the DSL
> >> router. I recommend putting it between the "timezone" and
> >> "timeservers" entries.
> >> Use the m0n0wall ping feature to verify that you can access the Internet
> >> from the m0n0wall itself, though note that if you want to use symbolic
> >> hostnames you'll need at least one correct DNS IP in the m0n0wall
> >> config.
> >> Outbound traffic from PPTP clients should then work as long as they see
> >> the m0n0wall as the default gateway, but routing the return traffic
> >> needs the DSL router to see the m0n0wall as the gateway to those
> >> machines, which can be done in one of three ways.
> >> 1) Use NAT to map the PPTP clients to a LAN IP. Unfortunately, this
> >> would be "backwards NAT" in the current LAN/WAN setup, and I don't
> >> think it's possible.
> >> 2) Put the PPTP clients in a different subnet and add a static route
> >> entry to the DSL router to make that subnet reachable via the
> >> m0n0wall. The latter may or may not be possible, depending on the
> >> router.
> >> 3) Put the PPTP clients on LAN IPs and have the m0n0wall do Proxy ARP
> >> for them. Its current ProxyARP support isn't really set up for that
> >> case, though (and Proxy ARP should always be a last resort, anyway).
> >> Swapping LAN and WAN designations would allow #1, but would create a
> >> host of other problems. Replacing the DSL router with another m0n0wall
> >> would allow #2.
> > Thanks for the fast response ;-) but I'm really new to m0n0wall, so how
> > do I get shell access (boot parameter?) or remote access to edit the
> > config.xml file?
Download it, edit it, upload it. But I guess you figured that out.
> I figured this one out for myself *g* made the entry for the default
> gateway and tried 2 and 3, but it didn't work :-(
I presume you were able to access the Internet from the m0n0wall itself
(e.g. via ping) after making the routing entry (and rebooting).
When you say "tried" 2 and 3, do you mean "tried" or "investigated"? If
your DSL router allows you to make the routing entry, and you choose the
IP addresses appropriately, then I'd expect #2 to work. I don't think you
can do #3 via the m0n0wall GUI, although you might be able to make it work
via some "arp" commands as "shellcmd" entries.
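
An added example, not part of the thread: a longest-prefix-match lookup run over constructed routing tables for the m0n0wall and the DSL router, showing why a 0.0.0.0/32 route never matches Internet traffic and why replies to PPTP clients go astray until the DSL router has the static route from option 2. All addresses, the PPTP subnet and the function names are assumptions chosen for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the next hop of the most specific
    route containing dst, or None when no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

# Constructed addressing (assumptions, not taken from the thread).
DSL_ROUTER = "192.168.1.1"      # stands in for w.x.y.z
M0N0_LAN = "192.168.1.2"        # m0n0wall's LAN-side address
PPTP_CLIENT = "192.168.2.10"    # PPTP clients in their own subnet (option 2)
INTERNET_HOST = "198.51.100.7"  # documentation-range address

def m0n0wall_table(default_prefix):
    """m0n0wall routes; default_prefix is the 'default' route under test."""
    return [
        ("192.168.1.0/24", "direct"),
        ("192.168.2.0/24", "pptp"),
        (default_prefix, DSL_ROUTER),
    ]

def dsl_router_table(static_route_to_pptp):
    """DSL router routes, with or without the static route to the PPTP subnet."""
    table = [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "isp")]
    if static_route_to_pptp:
        table.append(("192.168.2.0/24", M0N0_LAN))
    return table

def round_trip(default_prefix, static_route_to_pptp):
    """Return (outbound next hop on the m0n0wall, return next hop on the DSL router)."""
    out = lookup(m0n0wall_table(default_prefix), INTERNET_HOST)
    back = lookup(dsl_router_table(static_route_to_pptp), PPTP_CLIENT)
    return out, back

if __name__ == "__main__":
    for prefix in ("0.0.0.0/32", "0.0.0.0/0"):
        for static in (False, True):
            print(prefix, "static route:", static, "->", round_trip(prefix, static))
```

A return next hop of "isp" means the DSL router sends the reply out its own default route instead of back to the m0n0wall, which matches the symptom of LAN access working while Internet access does not.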