General Questions

I'm using Microsoft Virtual Server 2005 to try to simulate a multi-site Active Directory setup, prior to implementation.  I am using three m0n0wall instances to simulate a router at each 'site' and the 'internet'

On my Virtual Server, I have created three Virtual Networks -- VN_WAN, VN_SITE1 and VN_SITE2 (in addition to the pre-installed External Network).  I have also created three virtual m0n0walls and two virtual Windows Servers.  The are rigged as per the attached network diagram.  I can also use the Loopback Adapter on my VS host to connect to any of the m0n0wall instances.

My problem is that, while the Windows servers can see their parent m0n0walls, they can't see past that to the 'internet' m0n0wall.  I have turned off the 'Block RFC-1918...' option for the 'site' routers.

I can PING a server on my External Network from the 'internet' m0nowall but if I try to do so from server1.domain1.com, I get:

Code:

Reply from 192.168.102.10: Destination host unreachable.

I'm sure it is a basic NAT or rules thing I am missing, but I can't see what it is.

Can anyone help?

Thanks,

J.

Isn't  there  a std rule in rules to block the RFC internal NAT addresses?
I would guess that the problems is that the x.x.102/103 routers are blocking because they think these ares masked for internal NAT ips?

Is there an additional rule other than the 'Block RFC-1918...' option on the WAN setup?