 From:  "Terry Miller" <terry at millfam dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] I hate to sound like a noob
 Date:  Sun, 29 Aug 2004 15:14:13 -0500
The 192.168.0.10 address is a computer (XP) and it does have a default
gateway of 192.168.0.12. If I move it to the second subnet it can browse the
internet and receive mail. The other 2 hosts are currently the lan port of
an old router and a wireless access point. I'm just using those for testing
the routing now.

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.0.12    192.168.0.10       30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0  255.255.255.240     192.168.0.10    192.168.0.10       30
     192.168.0.10  255.255.255.255        127.0.0.1       127.0.0.1       30
    192.168.0.255  255.255.255.255     192.168.0.10    192.168.0.10       30
        224.0.0.0        240.0.0.0     192.168.0.10    192.168.0.10       30
  255.255.255.255  255.255.255.255     192.168.0.10    192.168.0.10       1
Default Gateway:      192.168.0.12
===========================================================================
Persistent Routes:
  None

-----Original Message-----
From: Fred Wright [mailto:fw at well dot com] 
Sent: Sunday, August 29, 2004 3:06 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] I hate to sound like a noob



On Sun, 29 Aug 2004, Terry Miller wrote:

> But I'm setting up monowall and I can't get a route between the lan 
> and opt1 to work.
> 
> Monowall ver 1.1
> 
> Lan 192.168.0.0 /28  Monowall interface is 192.168.0.12
> Opt1 192.168.11.0 /24 monowall interface is 192.168.11.2
> 
> I have hosts at 192.168.11.1, 192.168.0.1 & 192.168.0.10 and can ping 
> them all from Monowall, but I can't ping or tracert between subnets.

So you proved that there was nothing wrong with the routing within m0n0wall.

> I entered the following firewall rules:
> 
> LAN Default lan -> any still exists
>     any proto source OPT1 net any port dest lan net any port
> 
> OPT1 1st rule same as rule 2 above
>      any proto source lan net any port dest opt1 net any port

This should be fine, but if there's any doubt about the firewall being
involved, you can always enable logging.

> When I couldn't ping or traceroute I added 2 static routes
> 
> Interface  network          gateway        Desc
> Opt1       192.168.0.0/28   192.168.0.12  opt1->lan
> Lan         192.168.11.0/24 192.168.11.2  lan -> Opt1

Which are at best useless.  You don't need static routes for
directly-connected addresses.

> What am I missing here? This should be easy!

Most likely it's the routing on the *other* machines that's the issue.  If
they don't have the m0n0wall as the default gateway, then they need to have
it configured as a route to the other subnet.

					Fred Wright
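
Added example, not part of the thread: a longest-prefix lookup over the XP host's posted `route print` table, showing where it sends traffic for the other subnet, next to a constructed table for a host with no default gateway (the case Fred describes), which has no route back. The function names and the second table are assumptions made for this illustration.

```python
import ipaddress

# Active routes copied from the XP host's `route print` output in the message.
XP_ROUTES = """\
          0.0.0.0          0.0.0.0     192.168.0.12    192.168.0.10       30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0  255.255.255.240     192.168.0.10    192.168.0.10       30
     192.168.0.10  255.255.255.255        127.0.0.1       127.0.0.1       30
    192.168.0.255  255.255.255.255     192.168.0.10    192.168.0.10       30
        224.0.0.0        240.0.0.0     192.168.0.10    192.168.0.10       30
  255.255.255.255  255.255.255.255     192.168.0.10    192.168.0.10       1
"""

# Constructed sample (not from the thread): a host on OPT1 with an address
# and netmask configured but no default gateway.
NO_GATEWAY_ROUTES = """\
     192.168.11.0    255.255.255.0     192.168.11.1    192.168.11.1       30
"""

def parse_routes(text):
    """Parse 'dest mask gateway interface metric' rows into tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers and blank lines
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            gw, iface = map(ipaddress.ip_address, fields[2:4])
            routes.append((net, gw, iface, int(fields[4])))
        except ValueError:
            continue  # not a route row
    return routes

def next_hop(table_text, destination):
    """Longest-prefix match, ties broken by lowest metric.

    Returns 'on-link' when the gateway is the host's own interface address
    (how Windows marks directly connected networks), the gateway address as
    a string otherwise, or None when no route matches.
    """
    dst = ipaddress.ip_address(destination)
    matches = [r for r in parse_routes(table_text) if dst in r[0]]
    if not matches:
        return None
    net, gw, iface, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return "on-link" if gw == iface else str(gw)

if __name__ == "__main__":
    for table, dst in [(XP_ROUTES, "192.168.11.1"), (XP_ROUTES, "192.168.0.1"),
                       (NO_GATEWAY_ROUTES, "192.168.0.10")]:
        print(dst, "->", next_hop(table, dst))
```
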

