 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] I'm a bit confused..
 Date:  Sun, 12 Sep 2004 13:49:44 -0700 (PDT)
On Fri, 10 Sep 2004, Greg Brown wrote:

> I'm trying to figure out how I'm going to route from one lan to 
> another.  Here is my setup:
> WAN: currently unused - going to be my connection to my cablemodem
> LAN: 192.168.15.x/24 - my wired subnet
> LAN1: 192.168.16.x/24 - my wireless subnet
> Ultimately I'd like to run IPSec over the wireless segment, but I'll 
> settle for PPTP for now.  And I have the PPTP server up and running.
> So, here's what I'd like to do in phase 1:
> WAN: unused
> LAN: no nat, but statefully passes packets to LAN1 when requested from 
> LAN1
> LAN1: accepts nothing over the wireless segment except PPTP, I'd like 
> to have the current IP address of the LAN port to be the 
> default gateway (basically I'd like to route from 192.168.16.x to 
> 192.168.15.x).
> I have my firewall rules set up and being from the linux world I've 
> grown used to setting up routing in my firewall rules.  M0n0 seems to 
> be a bit different.  What's the easiest way to enable routing between 
> LAN1 and LAN?

You don't have to do anything special for routing on the router itself, as
long as it's only the directly-connected subnets you describe.  The
default setup includes a LAN->any rule, but you need to add that manually
for LAN1.

The other part of routing is making sure the *other* machines know that
the m0n0wall is the gateway for the other subnet.  If they have the
m0n0wall as the default gateway, this is automatic.  Otherwise, *they*
would need static routes to the other subnet via the m0n0wall.

On Sat, 11 Sep 2004, Andrew Greenwood wrote:

> I had a similar problem recently.
> The way I worked around it was to go into the NAT setup, and click on the
> "Outbound" tab, enable the outbound NAT feature and add 2 rules - one for
> IPs going to the internet, and one for IPs going to LAN1.
> I can't remember the exact details right now but that's hopefully a start!

That's only if you're trying to NAT between the subnets.  While that's *a*
way of making the routing work, it's usually not the best way.

					Fred Wright