If I could use NAT on the PPTP interface of Monowall, it would solve my problem, because the PPTP client
would send packets to
192.168.1.1 and Monowall would forward them to 192.168.0.2.
That is why I want to enable NAT on my PPTP interface.
Is it possible with Monowall? It is an important feature, I think.
Bye and thanks.
Honor and Glory to unix users.
From: Dave Warren [mailto:maillist at devilsplayground dot net]
Sent: Wednesday, August 11, 2004 23:05
To: Fournaux Nicolas; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Is a NAT on PPTP interface a taboo subject ?
Fournaux Nicolas wrote:
>Is a NAT on PPTP interface a taboo subject?
>It is strange that I'm the only person who gets the problem.
>If your LAN is on 192.168.0.0/24 and if the LAN of the PPTP client is also on 192.168.0.0/24 (and
>this case is not rare), how can the PPTP client send packets to the remote LAN?
>The workstation will send all packets to its LAN interface and not to the VPN :(
>Cya and thanks for any help.
>Sorry for this reply from myself :)
Your only real option is to change the subnets on one or the other
side. IP was built with the assumption that *every* host has a unique
IP and there are no provisions for cases where multiple machines are
attempting to share IP space.
In Windows it MIGHT be possible to do this using route table entries, try
Assuming your "real" IP is 192.168.0.1 and the VPN IP you're assigned is
192.168.0.2, if you want to communicate with host 192.168.0.10 on the
VPN, try the following command:
route add 192.168.0.10 192.168.0.2
(Yes, this is routing a packet to yourself -- It tends to work though,
in Windows anyway)
In general IP renumbering (especially of a home LAN) isn't usually too
painful, especially when compared to dealing with similar IP blocks --
For most home LANs you just change the IP on their router and reboot all
the IPs and you're done.
I'd recommend picking something relatively unique, 10/8 is good for this
because the IP space is so huge (compared to 192.168/16), but you'll run
into some networks that use subnet masks of 10/8 just because they can.
Chances of colliding networks at 10.251.88/24 (or something equally
random) are significantly lower than the often-used 192.168.0/8 ro
Just sit through this NRA meeting Marge, and if you still
don't think guns are great then we'll argue some more.
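
The route selection discussed in this thread, as an added example that is not part of either message: a minimal longest-prefix-match lookup showing why a PPTP client on 192.168.0.0/24 keeps remote-LAN traffic on its own LAN, how the /32 host route changes that for one host, and how renumbering removes the collision. The three routing tables, the interface names `lan` and `vpn`, and the metrics are constructed assumptions.

```python
import ipaddress

def route(net, iface, metric):
    """Build one routing-table entry (network, interface, metric)."""
    return (ipaddress.ip_network(net), iface, metric)

def lookup(routes, dst):
    """Pick the outgoing interface: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    best = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]

def collides(local_lan, remote_lan):
    """True when the client LAN and the remote LAN share address space."""
    return ipaddress.ip_network(local_lan).overlaps(ipaddress.ip_network(remote_lan))

# Constructed client table: both LANs are 192.168.0.0/24. The VPN route is
# assumed to carry the higher metric, matching the behaviour the thread reports.
COLLIDING = [
    route("0.0.0.0/0", "lan", 10),
    route("192.168.0.0/24", "lan", 10),  # client's own LAN, on-link
    route("192.168.0.0/24", "vpn", 20),  # remote LAN behind the PPTP tunnel
]

# Same table plus a /32 host route for 192.168.0.10 via the tunnel.
WITH_HOST_ROUTE = COLLIDING + [route("192.168.0.10/32", "vpn", 1)]

# Client LAN renumbered to 10.251.88.0/24: the prefixes no longer overlap.
RENUMBERED = [
    route("0.0.0.0/0", "lan", 10),
    route("10.251.88.0/24", "lan", 10),
    route("192.168.0.0/24", "vpn", 20),
]

if __name__ == "__main__":
    for name, table in (("colliding", COLLIDING),
                        ("host route", WITH_HOST_ROUTE),
                        ("renumbered", RENUMBERED)):
        print(f"{name:11s} 192.168.0.10 -> {lookup(table, '192.168.0.10')}, "
              f"192.168.0.11 -> {lookup(table, '192.168.0.11')}")
    # A site using the whole 10/8 as one subnet still collides with any /24 inside it.
    print("10.0.0.0/8 vs 10.251.88.0/24 collide:",
          collides("10.0.0.0/8", "10.251.88.0/24"))
```

The host route only covers the single address it names; every other remote host in the shared /24 still resolves to the local interface.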