 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  "'Franz Lippi'" <lippi dot franz at blastministries dot net>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] cant get traffic thru firewall - WAN setup problem?
 Date:  Tue, 13 Jul 2004 12:21:55 -0400
Do you really need a second NAT? Your network will look something like:

(Internet)
  |
(Public IP >> NAT << Private Subnet 1) - Netgear RT338
  |
(Private Subnet 1 >> NAT << Private Subnet 2) - m0n0wall
  |
(LAN)

Private Subnet 1 is already 192.168.0.1/24 (subnet mask of 255.255.255.0 is
default) 
Private Subnet 2 could be any other private subnets (192.168.0.0/24,
172.16.0.0/12, 10.0.0.0/8) except 192.168.0.0/24 ;-)

Setting the WAN of the m0n0wall to DHCP (as previously suggested by Ryan
Giobbi) would do the trick. But then you would need some complex rules to
allow traffic to the LAN. 

What are you intending to stop with a second NAT? Do you have a specific
problem you are trying to solve with the addition of the m0n0wall?

BTW, here is where you can find the manual for your router, if you have lost
it: ftp://downloads.netgear.com/files/netgear1/rt338refguide.pdf I get bored
and read things... ;-)

James.

-----Original Message-----
From: Franz Lippi [mailto:lippi dot franz at blastministries dot net] 
Sent: Tuesday, July 13, 2004 11:55 AM
To: James W. McKeand
Subject: Re: [m0n0wall] cant get traffic thru firewall - WAN setup problem?

YES that's correct
------

James W. McKeand wrote:

>Sounds like the Netgear ISDN Router is already doing NAT. (thus the 
>non-routable 192.168.0.1 IP and a Non-disclosed Public IP address - 
>MyWWWStatic IP)
>
>I am assuming that without the m0n0wall, your network PCs get out to 
>the internet and people can get to your web server on the LAN.
>
>  
>
YES that's correct
------

>________________
>James W. McKeand
>
>-----Original Message-----
>From: Franz Lippi [mailto:lippi dot franz at blastministries dot net]
>Sent: Tuesday, July 13, 2004 10:37 AM
>To: m0n0wall at lists dot m0n0 dot ch
>Subject: [m0n0wall] cant get traffic thru firewall - WAN setup problem?
>
>Hi,
>I am a m0n0wall newbie, looks like a great product and comes with high 
>recommendation, but I got stuck... description of what I did so far:
>
>I have set up a computer w 2 NICs, tested them physically on the local 
>lan side, works fine.
>
>this is my setup:
>
>ISP over ISDN dialin; I get the same IP address at every dialin 
>(MyWWWStatic IP), the Netgear ISDN Router handles that
>    |
>-------------------------------
>Ethernet to ISDN Router (Netgear RT338)     Router IP: 192.168.0.1
>-------------------------------
>    |
>-------------------------------
>Monowall NIC "WAN"   (setup: static IP address (MyWWWStatic IP) w default 
>gateway pointing to Netgear Router (192.168.0.1)) Monowall NIC "LAN",
>192.168.0.25
>-------------------------------
>   |
>---------------------------------------------
>Local Network w PCs 192.168.0.10-35
>---------------------------------------------
>
>WAN config:
>I tried to put the WAN NIC to a static IP address (MyWWWStatic IP) w 
>default gateway pointing to Netgear Router (192.168.0.1). I can access 
>the webGUI over the Local LAN; I put in rules for WAN, TCP protocol 
>* * * * allow traffic, for LAN proto *, Source LAN-net, * * * allow 
>traffic
>
>I thought this is a pretty forward setup, BUT I CAN'T BRING ANY TRAFFIC 
>OVER THE FIREWALL.
> 
>Am I sitting on my brain or
>has the fact that my IF to the ISP is a Eth 2 ISDN router something to 
>do with it?
>Do you have any ideas?
> 
>Grateful for help!!
>Franz Lippi
>
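
Added example, not part of the original thread: a small Python check for the cascaded-NAT addressing discussed above, run against the setup from the first post and against a corrected plan. The function name, the /24 mask on the LAN side, and the addresses 203.0.113.10 (a documentation-range stand-in for the undisclosed "MyWWWStatic IP"), 192.168.0.2 and 10.0.0.0/24 are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_cascade(upstream_net, wan_ip, wan_gw, lan_net):
    """Return a list of addressing problems for a firewall behind a NAT router.

    upstream_net: subnet served by the upstream router (Private Subnet 1)
    wan_ip/wan_gw: firewall WAN address and its default gateway
    lan_net: subnet behind the firewall (Private Subnet 2)
    """
    upstream = ipaddress.ip_network(upstream_net)
    wan = ipaddress.ip_address(wan_ip)
    gw = ipaddress.ip_address(wan_gw)
    # strict=False accepts a host address with mask, e.g. 192.168.0.25/24
    lan = ipaddress.ip_network(lan_net, strict=False)

    problems = []
    if gw not in upstream:
        problems.append("gateway is not on the upstream subnet")
    if wan not in upstream:
        problems.append("WAN address is outside the upstream subnet; "
                        "the gateway is not directly reachable")
    elif wan == gw:
        problems.append("WAN address collides with the gateway")
    if lan.overlaps(upstream):
        problems.append("LAN subnet overlaps the upstream subnet; "
                        "the firewall cannot route between them")
    if not any(lan.subnet_of(p) for p in RFC1918):
        problems.append("LAN subnet is not RFC 1918 private space")
    return problems


if __name__ == "__main__":
    # Setup from the first post (public IP replaced by a constructed placeholder).
    original = check_cascade("192.168.0.0/24", "203.0.113.10",
                             "192.168.0.1", "192.168.0.25/24")
    # Constructed corrected plan: WAN inside Subnet 1, LAN on a different subnet.
    corrected = check_cascade("192.168.0.0/24", "192.168.0.2",
                              "192.168.0.1", "10.0.0.0/24")
    for label, result in (("original", original), ("corrected", corrected)):
        print(label, "->", result or "no addressing problems")
```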