On Sun, 29 Aug 2004, Terry Miller wrote:

> But I'm setting up monowall and I can't get a route between the lan and opt1
> to work.
>
> Monowall ver 1.1
>
> Lan 192.168.0.0 /28 Monowall interface is 192.168.0.12
> Opt1 192.168.11.0 /24 monowall interface is 192.168.11.2
>
> I have hosts at 192.168.11.1, 192.168.0.1 & 192.168.0.10 and can ping them
> all from Monowall, but I can't ping or tracert between subnets.

So you proved that there was nothing wrong with the routing within m0n0wall.

> I entered the following firewall rules:
>
> LAN Default lan -> any still exists
> any proto source OPT1 net any port dest lan net any port
>
> OPT1 1st rule same as rule 2 above
> any proto source lan net any port dest opt1 net any port

This should be fine, but if there's any doubt about the firewall being
involved, you can always enable logging.

> When I couldn't ping or traceroute I added 2 static routes
>
> Interface network gateway Desc
> Opt1 192.168.0.0/28 192.168.0.12 opt1->lan
> Lan 192.168.11.0/24 192.168.11.2 lan -> Opt1

Which are at best useless. You don't need static routes for
directly-connected addresses.

> What am I missing here? This should be easy!

Most likely it's the routing on the *other* machines that's the issue. If
they don't have the m0n0wall as the default gateway, then they need to have
it configured as a route to the other subnet.

Fred Wright
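The route lookup behind the reply above, as an added example that is not part of the original post: a longest-prefix-match check showing why the m0n0wall reaches both subnets without static routes while the hosts cannot reach each other until each has a route back. The addresses come from the thread; the host routing tables and the names `next_hop` and `ping_works` are constructed assumptions.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs.

    A gateway of None means directly connected. Returns "direct", the
    gateway address, or None when the table has no matching route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None
    return best[1] or "direct"

def ping_works(src_routes, src_ip, dst_routes, dst_ip):
    """The echo needs a route out and the reply needs a route back.
    Assumes the m0n0wall forwards and its firewall rules pass the traffic."""
    return (next_hop(src_routes, dst_ip) is not None
            and next_hop(dst_routes, src_ip) is not None)

# m0n0wall: both subnets are directly connected, so no static routes needed.
M0N0WALL = [("192.168.0.0/28", None), ("192.168.11.0/24", None)]
# Constructed host tables (assumption): hosts with no gateway configured.
LAN_HOST = [("192.168.0.0/28", None)]
OPT_HOST = [("192.168.11.0/24", None)]
# The two fixes named in the reply: a route to the other subnet via the
# m0n0wall, or the m0n0wall as the default gateway.
LAN_HOST_ROUTED = LAN_HOST + [("192.168.11.0/24", "192.168.0.12")]
OPT_HOST_DEFGW = OPT_HOST + [("0.0.0.0/0", "192.168.11.2")]

if __name__ == "__main__":
    print("m0n0wall -> 192.168.11.1:", next_hop(M0N0WALL, "192.168.11.1"))
    print("LAN host, no gateway -> 192.168.11.1:",
          next_hop(LAN_HOST, "192.168.11.1"))
    print("only LAN side fixed:",
          ping_works(LAN_HOST_ROUTED, "192.168.0.10", OPT_HOST, "192.168.11.1"))
    print("both sides fixed:",
          ping_works(LAN_HOST_ROUTED, "192.168.0.10",
                     OPT_HOST_DEFGW, "192.168.11.1"))
```

Fixing only one side still fails, because the echo reply has no path back to the sender's subnet.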