Topic: An age old question with a twist -- routing with monowall
« on: January 24, 2008, 05:50:49 »
SankatMochan *
Posts: 6

Hello Everyone,

I hope the moderators will permit this double post, as this issue might just be resolved by some firewall guru as well.

I have sifted through our dear Google's search system, both the general internet one and the m0n0.ch-based one.

All that work got me megabytes of data but did not find me a workable solution. Allow me to present the situation with a router config which I am trying to replace with m0n0wall:


!
interface Ethernet0
 ip address XXX.YYY.100.8 255.255.255.224 secondary
 ip address XXX.YYY.100.1 255.255.255.224
 no ip redirects
 no ip proxy-arp
 no ip route-cache cef
!
interface Ethernet1
 ip address XXX.YYY.8.46 255.255.255.252
 ip broadcast-address XXX.YYY.8.47
 no ip redirects
 no ip proxy-arp
 no ip route-cache cef
 load-interval 30
 duplex auto
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1 XXX.YYY.8.45
ip route XXX.YYY.100.32 255.255.255.248 XXX.YYY.100.19
ip route XXX.YYY.100.40 255.255.255.248 XXX.YYY.100.16
ip route XXX.YYY.100.48 255.255.255.248 XXX.YYY.100.16
ip route XXX.YYY.100.56 255.255.255.248 XXX.YYY.100.19
ip route XXX.YYY.100.64 255.255.255.240 XXX.YYY.100.17
ip route XXX.YYY.100.80 255.255.255.240 XXX.YYY.100.19
ip route XXX.YYY.100.96 255.255.255.224 XXX.YYY.100.16
ip route XXX.YYY.100.128 255.255.255.224 XXX.YYY.100.19
ip route XXX.YYY.100.160 255.255.255.248 XXX.YYY.100.19
ip route XXX.YYY.100.168 255.255.255.248 XXX.YYY.100.19
ip route XXX.YYY.100.176 255.255.255.248 XXX.YYY.100.19
ip route XXX.YYY.100.184 255.255.255.248 XXX.YYY.100.19
ip route XXX.YYY.100.192 255.255.255.240 XXX.YYY.100.18
ip route XXX.YYY.100.208 255.255.255.240 XXX.YYY.100.19
ip route XXX.YYY.100.224 255.255.255.224 XXX.YYY.100.16
ip route XXX.YYY.101.0 255.255.255.0 XXX.YYY.100.16
ip route XXX.YYY.103.0 255.255.255.0 XXX.YYY.100.17
ip route XXX.YYY.110.0 255.255.255.0 XXX.YYY.100.16
!

So, as you can see from the above:

WAN Interface:
XXX.YYY.8.46 / 255.255.255.252
GATEWAY XXX.YYY.8.45

LAN Interface:
Secondary XXX.YYY.100.8 255.255.255.224
Primary     XXX.YYY.100.1 255.255.255.248

Blocks XXX.YYY.100.0/24, XXX.YYY.101.0/24, XXX.YYY.103.0/24 and XXX.YYY.110.0/24 are forwarded by the ISP to the WAN block of XXX.YYY.8.46 / 255.255.255.252.

Some of these blocks are further subnetted on the existing router and forwarded by the existing router to servers. All IPs and blocks are public.

Any help in getting this to work will be highly appreciated. I have managed to get monowall working with the LAN IP and WAN IP but have been unable to route the different blocks to and from the related servers as pointed out in the comparable Cisco config.

Cheers !
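An added example, not part of the original post: a Python sketch that converts the `ip route` lines of the config above into CIDR (interface, destination, gateway) rows for re-entry as static routes, and checks that every next hop is on-link on the LAN subnet. The `198.51` prefix standing in for the masked `XXX.YYY`, and the names `parse` and `plan`, are assumptions.

```python
import ipaddress
import re

# Constructed stand-in for the post's masked "XXX.YYY" prefix (assumption).
PREFIX = "198.51"

# Subset of the router config from the post: LAN interface, default route,
# and one static route per next hop.
CISCO_CONFIG = """\
interface Ethernet0
 ip address XXX.YYY.100.8 255.255.255.224 secondary
 ip address XXX.YYY.100.1 255.255.255.224
ip route 0.0.0.0 0.0.0.0 Ethernet1 XXX.YYY.8.45
ip route XXX.YYY.100.32 255.255.255.248 XXX.YYY.100.19
ip route XXX.YYY.100.64 255.255.255.240 XXX.YYY.100.17
ip route XXX.YYY.100.192 255.255.255.240 XXX.YYY.100.18
ip route XXX.YYY.101.0 255.255.255.0 XXX.YYY.100.16
""".replace("XXX.YYY", PREFIX)

ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)")
# The optional third field is an exit interface name such as "Ethernet1".
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (?:\D\S* )?(\S+)$")

def parse(config):
    """Return (connected LAN networks, [(destination, next hop), ...])."""
    lans, routes = set(), []
    for line in config.splitlines():
        if m := ADDR_RE.match(line):
            lans.add(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif m := ROUTE_RE.match(line.strip()):
            routes.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"),
                           ipaddress.ip_address(m[3])))
    return lans, routes

def plan(config):
    """Build (interface, destination, gateway) rows and list any problems."""
    lans, routes = parse(config)
    rows, problems = [], []
    for net, gw in routes:
        if net.prefixlen == 0:
            continue  # default route belongs to the WAN gateway setting
        if not any(gw in lan for lan in lans):
            problems.append(f"{net}: next hop {gw} is not on a LAN subnet")
        if any(net.overlaps(lan) for lan in lans):
            problems.append(f"{net}: overlaps a directly connected subnet")
        rows.append(("LAN", str(net), str(gw)))
    return rows, problems

if __name__ == "__main__":
    print(*plan(CISCO_CONFIG), sep="\n")
```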
« Reply #1 on: January 24, 2008, 13:02:06 »
markb ****
Posts: 331

Have you enabled the "Bypass firewall rules for traffic on the same interface" setting on the advanced page?
« Reply #2 on: January 24, 2008, 19:08:39 »
SankatMochan *
Posts: 6

I have tried with the bypass option as well; however, it did not work. If I simply enable the advanced NAT option as suggested elsewhere, then I can send traffic out from a LAN-side public IP to the internet, BUT that traffic seems to go via NAT and, as expected, appears as the WAN IP at the remote end instead of appearing as the LAN-side public IP.

Does that make sense? As in, if I visit nwtools.com I would see my WAN IP, suggesting that the traffic is being NATed and not truly routed.
 