 From:  "Rodman Frowert" <frowertr at i dash 1 dot net>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Unable to ping DMZ hosts from LAN
 Date:  Wed, 8 Sep 2004 08:59:17 -0500
Actually, it makes perfect sense.  I just can't get it to work.  Here is 
what I have set up:

Static route:
      Interface   Network          Gateway        Description
      LAN         10.10.10.0/24    192.168.1.1



Remember, my LAN is on 192.168.1.0/24 with the m0n0 LAN interface on 
192.168.1.1
&
My DMZ is on 10.10.10.0/24 with the DMZ interface on 10.10.10.1

I put a rule at the top of my DMZ that says:

      Proto Source Port Destination Port      Description
      * LAN Net   * DMZ *      *


This should allow any traffic into the DMZ from the LAN, correct?

Here is what I get when I try to ping 10.10.10.2 (my switch) from my LAN:
------------------------
C:\DOCUME~1\RODMAN>ping 10.10.10.2

Pinging 10.10.10.2 with 32 bytes of data:

Reply from 192.168.1.1: TTL expired in transit.
Reply from 192.168.1.1: TTL expired in transit.
Reply from 192.168.1.1: TTL expired in transit.
Reply from 192.168.1.1: TTL expired in transit.

Ping statistics for 10.10.10.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
-----------------------

If I do a Tracert command for 10.10.10.2 from my LAN this is what I get:
--------------------
Tracing route to 10.10.10.2 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  firewall.local [192.168.1.1]
  2    <1 ms    <1 ms    <1 ms  firewall.local [192.168.1.1]
  3    <1 ms    <1 ms    <1 ms  firewall.local [192.168.1.1]
  4    <1 ms    <1 ms    <1 ms  firewall.local [192.168.1.1]
  5    <1 ms    <1 ms    <1 ms  firewall.local [192.168.1.1]
  6    <1 ms    <1 ms    <1 ms  firewall.local [192.168.1.1]
  7    <1 ms    <1 ms    <1 ms  firewall.local [192.168.1.1]
  8    <1 ms    <1 ms    <1 ms  firewall.local [192.168.1.1]
-------------------

It will go to 30 and then finally time out.  It is almost like the 
192.168.1.1 doesn't know what to do with this packet it is getting with a 
destination of 10.10.10.2.

I do appreciate the help, guys.  It is just frustrating that this isn't 
working properly...

Rodman


>Interface Network           Gateway
>Wireless  192.168.10.0/24   192.168.20.1
>
>ok that what my static route looks like. What that is saying is that any
>traffic from my 192.168.20.x/24 network to the destination network of
>192.168.10.x/24, use the gateway of 192.168.20.1 (the wifi card)
>
>does that help?
>
>Chet Harvey
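
The tracert output in the message above shows one address answering every hop, which is what a forwarding loop looks like from the client: the packet keeps returning to the same router until its TTL expires. The following is an added example, not part of the original thread, that parses Windows tracert output and flags that pattern; the function names and the repeat threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample: the first hops of the tracert output quoted in the message.
SAMPLE = """\
Tracing route to 10.10.10.2 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  firewall.local [192.168.1.1]
  2    <1 ms    <1 ms    <1 ms  firewall.local [192.168.1.1]
  3    <1 ms    <1 ms    <1 ms  firewall.local [192.168.1.1]
  4    <1 ms    <1 ms    <1 ms  firewall.local [192.168.1.1]
"""

# A hop line starts with the hop number; the responder address is the last
# token, either bare or in [brackets] after a resolved host name.
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")


def parse_hops(text):
    """Return [(hop_number, ip_or_None)] from Windows tracert output.

    Hops that timed out ("* * * Request timed out.") yield ip None.
    """
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner, blank line, "Trace complete."
        ip = IP_RE.search(m.group(2))
        hops.append((int(m.group(1)), ip.group(1) if ip else None))
    return hops


def find_loop(hops, min_repeats=3):
    """Return (ip, [hop numbers]) for the first responder seen at
    min_repeats or more hops, or None when every hop is distinct."""
    seen = {}
    for num, ip in hops:
        if ip is not None:
            seen.setdefault(ip, []).append(num)
    for ip, nums in seen.items():
        if len(nums) >= min_repeats:
            return ip, nums
    return None


if __name__ == "__main__":
    print(find_loop(parse_hops(SAMPLE)))
```
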