Thanks very much for the ideas.
My m0n0wall is the default gateway and router for all of my networks,
so I guess that means I can remove the static route I created to get
from LAN to OPT1. It sounds like in my case no static route is
I think I have my setup as a basic NAT between my LAN and WAN. I then
added another NIC, and ran into this mess. How should I have my
routing setup between all three interfaces?
> I just added another NIC to my m0n0wall to create a DMZ for my wireless
> network. Here is a quick rundown of my network:
> LAN: 192.168.0.1
> OPT1: 192.168.5.1
> I can ping OPT1 interface from LAN, but not 192.168.5.5, which is the
> address of my AP. I can ping the AP from the m0n0wall.
> I really don't know what I need to do in order to pass traffic. I have
> tried creating a static route from my LAN to 192.168.5.0/24 but no luck.
"Creating a route" where? In order for this to route, the *rest of* the
machines in one subnet need to see the m0n0wall as the route to the
other. In each case, if the m0n0wall is the default gateway for the
subnet this will happen automatically, but otherwise it won't. It the
latter case, adding the static route on the machine that *is* the default
gateway should be sufficient, since it will inform other machines via ICMP
You can check the routing by trying a ping and then doing a "netstat -rn"
shortly thereafter. The "shortly thereafter" part covers cases where a
temporary routing entry is made via ICMP Redirect, as well as the static
> In the firewall rule section I have a rule under OPT1 to allow any protocol
> from OPT1 to anywhere, figuring I would need that for any wireless users to
> get out to the internet. I also created a rule to pass traffic from source
> LAN to destination OPT1.
It doesn't sound like a firewall problem, but if the routing is correct it
might be due to NAT getting in the way. In your configuration, you
probably don't want any NATting between LAN and OPT1, but do want it for
traffic between either of those and the WAN. ISTR that the default NAT
configuration isn't set up this way ("basic NAT" is designed primarily for
a two-interface LAN/WAN setup).