On Sun, 29 Aug 2004, Seth Rothenberg wrote:

> One of the big attractions of m0n0wall is the inclusion of PopTop.
> I am trying to use PopTop to secure the wireless segment
> _on the way to_ the Internet.

That would be a pretty good trick, considering m0n0wall doesn't use PoPToP. Oh, you mean MPD. :-)

> PopTop is working, as I can read my mail
> over the LAN which is on the other side of the tunnel,
> but I can't route to the internet from the Laptop.

Based on the rules you have, this shouldn't have worked. This seems like a bug. But maybe not, see below.

> Destination        Gateway            Flags   Refs  Use     Netif  Expire
> default            216.220.103.177    UGSc    3     54542   sis1
> 10.248.126/24      link#1             UC      1     0       sis0
> 10.248.126.199     00:20:ed:45:17:4f  UHLW    1     13399   sis0   1197
> 10.248.127/24      link#7             UC      1     0       wi0
> 10.248.127.40      00:02:6f:07:56:a8  UHLW    6     592036  wi0    1190
> 127.0.0.1          127.0.0.1          UH      1     0       lo0
> 216.220.103.176/29 link#2             UC      1     0       sis1
> 216.220.103.177    00:00:c5:97:30:20  UHLW    5     267     sis1   1091
> 216.220.103.181    127.0.0.1          UGHS    0     0       lo0

This from m0n0wall? You don't specify what IP addresses you use for the PPTP tunnels. And your routing tables seem to have been obtained without the tunnel actually up.

> I have a rule for OPT1 (10.248.127.1)
> * OPT1 net * * * OPT1 -> any
> I also have 2 rules on LAN interface, one for just LAN Net,
> and for testing, a rule for LAN interface, but ANY network, to anywhere.
> * * * * * Default LAN -> any

Changing the source on the LAN rule shouldn't be needed unless you plan to have traffic from other networks routed through the LAN. This is *not* the way to allow PPTP traffic.

You don't mention a "PPTP Clients" rule. Without that, your PPTP clients shouldn't get any connectivity at all. The fact that they can reach your LAN suggests another problem (see below).

It's a bit confusing that the "PPTP Clients" category doesn't display when it's empty. But it *is* available as a choice for new rules.
On Sun, 29 Aug 2004, Seth Rothenberg wrote:

> The windows ROUTE command says this (below), but as
> I mentioned, I don't think windows is the problem
> (for once :-) I think the m0n0 can be configured
> to grab these packets and send them out.
>
> Maybe a NAT is missing ?

NAT on the client side? Not unless the Windows machine is going to be routing for others.

> ===========================================================================
> Active Routes:
> Network Destination  Netmask          Gateway        Interface      Metric
> 0.0.0.0              0.0.0.0          10.248.126.80  10.248.126.80  1
> 0.0.0.0              0.0.0.0          10.248.127.1   10.248.127.40  31

Typical Windows with multiple default gateways. :-) I think the first one wins, either by position or by metric. That's confirmed below.

> 10.248.126.80        255.255.255.255  127.0.0.1      127.0.0.1      50
> 10.248.127.0         255.255.255.0    10.248.127.40  10.248.127.40  30
> 10.248.127.1         255.255.255.255  10.248.127.40  10.248.127.40  30
> 10.248.127.40        255.255.255.255  127.0.0.1      127.0.0.1      30
> 10.255.255.255       255.255.255.255  10.248.126.80  10.248.126.80  50
> 10.255.255.255       255.255.255.255  10.248.127.40  10.248.127.40  30
> 127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
> 224.0.0.0            240.0.0.0        10.248.127.40  10.248.127.40  30
> 224.0.0.0            240.0.0.0        10.248.126.80  10.248.126.80  1
> 255.255.255.255      255.255.255.255  10.248.126.80  2              1
> 255.255.255.255      255.255.255.255  10.248.127.40  10.248.127.40  1
> Default Gateway: 10.248.126.80

You have LAN and WLAN at the same time? If the wired LAN is really connected, how do you know the PPTP connection to LAN was working at all? And you have to be careful about split routing when any form of stateful filtering is involved.

Fred Wright
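
Added example, not part of the original thread: a small route lookup over the unicast rows of the Windows table quoted above, showing which interface a given destination leaves through and which default route is shadowed. It assumes the usual selection order (longest matching prefix first, then lowest metric); the function names and the destination 192.0.2.10 are constructed for illustration.

```python
import ipaddress

# Unicast rows copied from the "Active Routes" table quoted in the thread:
# (destination, netmask, gateway, interface, metric)
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.248.126.80", "10.248.126.80", 1),
    ("0.0.0.0", "0.0.0.0", "10.248.127.1", "10.248.127.40", 31),
    ("10.248.126.80", "255.255.255.255", "127.0.0.1", "127.0.0.1", 50),
    ("10.248.127.0", "255.255.255.0", "10.248.127.40", "10.248.127.40", 30),
    ("10.248.127.1", "255.255.255.255", "10.248.127.40", "10.248.127.40", 30),
    ("10.248.127.40", "255.255.255.255", "127.0.0.1", "127.0.0.1", 30),
    ("127.0.0.0", "255.0.0.0", "127.0.0.1", "127.0.0.1", 1),
]


def select_route(dest, routes=ROUTES):
    """Return (gateway, interface, metric, prefixlen) used for dest, or None.

    Assumed selection order: longest matching prefix, then lowest metric.
    """
    addr = ipaddress.ip_address(dest)
    best_key, best = None, None
    for net, mask, gw, iface, metric in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr not in network:
            continue
        key = (-network.prefixlen, metric)  # smaller key = better route
        if best_key is None or key < best_key:
            best_key, best = key, (gw, iface, metric, network.prefixlen)
    return best


def shadowed_defaults(routes=ROUTES):
    """Default routes that carry no traffic while a lower-metric default exists."""
    defaults = sorted((r for r in routes if r[1] == "0.0.0.0"), key=lambda r: r[4])
    return [(gw, iface) for _, _, gw, iface, _ in defaults[1:]]


if __name__ == "__main__":
    # 192.0.2.10 is a constructed Internet destination (documentation range);
    # 10.248.126.199 is the LAN host from the m0n0wall table in the thread.
    for dest in ("192.0.2.10", "10.248.126.199", "10.248.127.1"):
        print(dest, "->", select_route(dest))
    print("shadowed defaults:", shadowed_defaults())
```
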