Topic: RFC 1918 subnet on WAN, no default route
« on: March 28, 2007, 20:44:23 »
clarknova ***
Posts: 148

Using 1.3b2 generic pc on CF.

I'm not deploying my monowall in this network, but this is where I set it up and test it. Seems to have a routing problem.

Internet
   |
Linux router___________
   |                   |
192.168.1.254     192.168.6.254
   |                   |
subnet 1          subnet 2, monowall

Linux router is running dhcp server on both subnets. dnsmasq is running on 192.168.1.254, dhcp server gives this as DNS server address to clients on both subnets. Linux firewall allows all traffic originating from both subnets, so a client can freely access machines on either LAN interface. This is demonstrated working on a linux client on subnet 2, which gets an IP address (192.168.6.x) via dhcp and is able to ping clients @192.168.1.x and has DNS access @192.168.1.254.

Enter my new mono box. LAN is 10.1.0.1, dhcp server enabled. WAN is dhcp. It gets 192.168.6.x for WAN address and 192.168.1.254 for DNS. I connect a desktop to mono's LAN, it gets a 10.1.0.x address and 10.1.0.1 for DNS. So far good.

Now I try to visit a web site on my 10.1 client... no DNS. I ping yahoo.com: "10.1.0.1: No route to host". I use mono's Ping/Traceroute page to ping 192.168.1.254 @WAN: "no route to host".

I add a static route to 192.168.1.0/24 @WAN, now I can ping that subnet from mono's LAN, but I still can't ping anything on the linux router's WAN. It seems that mono has no default route in this setup.

I suppose you want to know what the routing table looked like. I don't have mono in this setup any more, but I can tell you essentially from memory (using another mono for reference):

10.1/16         link#1    UC     0    0    em0
192.168.6/24    link#2    UGS    0    0    nve0

Not sure about columns 3, 4, and 5, but it was clear there was no default route in the routing table.

"Block Private Networks" is not checked on the WAN page, just to be sure.

db
« Reply #1 on: March 29, 2007, 07:34:31 »
cmb *****
Posts: 851

Moved this over from bug reports because it's highly unlikely to be a bug. More likely a missing static route somewhere or something similar. Don't have time to look closer right now but I'll bump it, and it should get more eyes on it here than in the bug reports board.
« Reply #2 on: March 29, 2007, 17:30:58 »
markb ****
Posts: 331

I take it that you have no default gateway on the WAN interface when you look at the interfaces page. It would appear that it has no 0.0.0.0 route. I have had similar when I tried to set a mono up with a passed-through IP from a DSL router. It got the IP address but no gateway. I had no way of manually adding it in my case. Could you set your WAN address up as a static address and manually put in the gateway?
« Reply #3 on: March 30, 2007, 06:00:48 »
clarknova ***
Posts: 148

I don't recall any details from the status: interfaces page, although I'll be able to come back to this when I build another mono in a few days here. For sure there was no 0.0.0.0 route in the routing table, as I was looking for it. I tried adding 0.0.0.0/0 as a static route, but it's apparently not possible through the GUI.

I imagine a person could add a default route through exec.php, I just don't know the correct command in FreeBSD, or whether the same command would work on mono in this case.

db
« Reply #4 on: March 31, 2007, 20:03:30 »
cmb *****
Posts: 851

Now that I actually read this, yes, indeed, a missing default gateway is a big problem. Why can't you just have your DHCP server assign a default gateway? Manually adding a default route is possible, 'route add default x.x.x.x', but not a good idea. Why bother with DHCP if you have to fill in the default gateway yourself? Might as well just set it up with a static IP...
« Reply #5 on: April 03, 2007, 07:17:52 »
clarknova ***
Posts: 148

My DHCP server does assign a default gateway, which works for all clients except the monowall. This is the point of my original post.

db
« Reply #6 on: April 04, 2007, 00:45:34 »
cmb *****
Posts: 851

Quote from clarknova: "My DHCP server does assign a default gateway, which works for all clients except the monowall. This is the point of my original post."

Ah, missed that.

What's the default gateway it's assigning? Some OS's will accept a default gateway that's not within the subnet of the interface you're assigning it to, even though that's wrong, but FreeBSD (and hence m0n0wall) won't. That's the only situation I can think of where it wouldn't accept the default gateway given from DHCP.
« Reply #7 on: April 04, 2007, 06:23:20 »
clarknova ***
Posts: 148

My dhcpd.conf file applies to all interfaces on which dhcpd is listening (2 in this case), and defines two gateways:

option routers 192.168.1.254, 192.168.6.254;

It also defines two subnets:

subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.100 192.168.1.120;
}

subnet 192.168.6.0 netmask 255.255.255.0 {
        range 192.168.6.100 192.168.6.120;
}

The linux clients on iface 192.168.1.254 use the appropriate gateway (192.168.1.254), address (192.168.1.x) and DNS (192.168.1.254).

The linux clients on iface 192.168.6.254 use the appropriate gateway (192.168.6.254), address (192.168.6.x) and DNS (192.168.1.254).

In my mind, there should be a separate dhcpd.conf, or at least separate sections for each iface, however this does not appear to be the case (I'm using dhcp3-server debian pkg in linux for the router). Perhaps this duality is a problem for monowall as a dhcp client?

db
« Reply #8 on: April 05, 2007, 03:10:16 »
cmb *****
Posts: 851

It's been a while since I've used dhcpd, but I think you can put option routers under the specific scope. Try that and see what happens.
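
The on-link check described in Reply #6, run over the dhcpd.conf from Reply #7 and over a variant with option routers moved into each subnet as Reply #8 suggests. This is an added example, not part of the thread: the scoped config and the function names are constructed here, and it assumes a client that installs only the first listed router and requires that router to be inside the interface's subnet.

```python
import ipaddress
import re

# dhcpd.conf as posted in the thread: one global router list, two subnets.
POSTED = """
option routers 192.168.1.254, 192.168.6.254;
subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.100 192.168.1.120;
}
subnet 192.168.6.0 netmask 255.255.255.0 {
        range 192.168.6.100 192.168.6.120;
}
"""

# Constructed variant: the same subnets with routers set per subnet scope.
SCOPED = """
subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.100 192.168.1.120;
        option routers 192.168.1.254;
}
subnet 192.168.6.0 netmask 255.255.255.0 {
        range 192.168.6.100 192.168.6.120;
        option routers 192.168.6.254;
}
"""

ROUTERS = re.compile(r"option\s+routers\s+([^;]+);")
SUBNET = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^}]*)\}")


def parse_routers(text):
    """Return the addresses of the first 'option routers' statement in text."""
    m = ROUTERS.search(text)
    return [ipaddress.ip_address(a.strip()) for a in m.group(1).split(",")] if m else []


def first_router_report(conf):
    """Map each subnet to (first offered router, True if that router is on-link)."""
    global_routers = parse_routers(SUBNET.sub("", conf))  # statements outside subnet blocks
    report = {}
    for net, mask, body in SUBNET.findall(conf):
        network = ipaddress.ip_network(f"{net}/{mask}")
        routers = parse_routers(body) or global_routers  # subnet scope overrides global
        if routers:
            report[str(network)] = (str(routers[0]), routers[0] in network)
        else:
            report[str(network)] = (None, False)
    return report
```

With the posted config, the 192.168.6.0/24 scope offers 192.168.1.254 first, which is outside that subnet; with the scoped variant each subnet's first router is on-link.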
 