On Sat, 26 Jun 2004, Joe LaGreca wrote:

> I just added another NIC to my m0n0wall to create a DMZ for my wireless
> network. Here is a quick rundown of my network:
>
> LAN: 192.168.0.1
> OPT1: 192.168.5.1
>
> I can ping OPT1 interface from LAN, but not 192.168.5.5, which is the
> address of my AP. I can ping the AP from the m0n0wall.
>
> I really don't know what I need to do in order to pass traffic. I have
> tried creating a static route from my LAN to 192.168.5.0/24 but no luck.

"Creating a route" where? In order for this to route, the *rest of* the
machines in one subnet need to see the m0n0wall as the route to the other.
In each case, if the m0n0wall is the default gateway for the subnet this
will happen automatically, but otherwise it won't. In the latter case,
adding the static route on the machine that *is* the default gateway should
be sufficient, since it will inform other machines via ICMP Redirect.

You can check the routing by trying a ping and then doing a "netstat -rn"
shortly thereafter. The "shortly thereafter" part covers cases where a
temporary routing entry is made via ICMP Redirect, as well as the static
route case.

> In the firewall rule section I have a rule under OPT1 to allow any protocol
> from OPT1 to anywhere, figuring I would need that for any wireless users to
> get out to the internet. I also created a rule to pass traffic from source
> LAN to destination OPT1.

It doesn't sound like a firewall problem, but if the routing is correct it
might be due to NAT getting in the way. In your configuration, you probably
don't want any NATting between LAN and OPT1, but do want it for traffic
between either of those and the WAN. ISTR that the default NAT configuration
isn't set up this way ("basic NAT" is designed primarily for a
two-interface LAN/WAN setup).

Fred Wright
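The routing check Fred describes (ping, then "netstat -rn" shortly afterwards) comes down to asking which entry in the LAN host's routing table wins for 192.168.5.5, and whether that entry was installed by an ICMP Redirect. The Python below is an added example, not code from the list post or from m0n0wall: it parses a constructed, BSD-style netstat -rn table and performs the kernel's longest-prefix match. The LAN host (192.168.0.50), its non-m0n0wall default gateway (192.168.0.254) and the interface name em0 are assumptions chosen to illustrate the "m0n0wall is not the default gateway" case.

```python
import ipaddress

# Constructed sample of BSD-style "netstat -rn" output (Refs/Use/Expire
# columns omitted) for a LAN host at 192.168.0.50 whose default gateway is a
# separate router, 192.168.0.254, rather than the m0n0wall LAN address
# 192.168.0.1. These hosts, addresses and the interface name em0 are
# assumptions for the example, not taken from the original post.
LAN_HOST_ROUTES_BEFORE = """\
Destination        Gateway            Flags    Netif
default            192.168.0.254      UGS      em0
127.0.0.1          127.0.0.1          UH       lo0
192.168.0.0/24     link#1             U        em0
"""

# The same host shortly after a ping to 192.168.5.5: the default gateway,
# which carries a static route for 192.168.5.0/24 via 192.168.0.1, answered
# with an ICMP Redirect and the kernel installed a temporary host route.
# The D flag marks a route created dynamically by a redirect.
LAN_HOST_ROUTES_AFTER = LAN_HOST_ROUTES_BEFORE + """\
192.168.5.5        192.168.0.1        UGHD     em0
"""


def parse_routes(text):
    """Parse the netstat -rn table into (network, gateway, flags, netif) tuples."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the column header
        parts = line.split()
        if len(parts) < 4:
            continue
        dest, gateway, flags, netif = parts[:4]
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif "/" in dest:
            net = ipaddress.ip_network(dest, strict=False)
        else:                                    # bare address: a host route
            net = ipaddress.ip_network(dest + "/32")
        routes.append((net, gateway, flags, netif))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match, as the kernel does it.

    Returns (next_hop, from_redirect): next_hop is the gateway address for a
    gateway (G) route, or "direct:<netif>" for an on-link route; from_redirect
    is True when the winning route carries the D (redirect) flag.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway, flags, netif in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, flags, netif)
    if best is None:
        return None
    net, gateway, flags, netif = best
    hop = gateway if "G" in flags else "direct:" + netif
    return hop, "D" in flags


if __name__ == "__main__":
    for label, table in (("before", LAN_HOST_ROUTES_BEFORE),
                         ("after", LAN_HOST_ROUTES_AFTER)):
        hop, redirected = next_hop(parse_routes(table), "192.168.5.5")
        print(f"{label}: 192.168.5.5 via {hop}"
              + (" (installed by ICMP Redirect)" if redirected else ""))
```

Before the ping, the only match for 192.168.5.5 is the default route, so the packet goes to 192.168.0.254 and only reaches the m0n0wall if that router has a route for 192.168.5.0/24. After the redirect, the /32 host route wins and the next hop is 192.168.0.1 directly; a table that still shows only the default route after a ping means the default gateway never learned (or never redirected) the route, which is the case the list post says needs a static route on that gateway.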