Topic: Trying to link two monowalls for site to site test  (Read 2412 times)
« on: April 10, 2008, 13:03:03 »
elad *
Posts: 1

Trying to simulate a site to site link on a virtual server.
two Windows 2003 servers on a lan each with a monowall acting as a router

Using two Monowalls with 3 NIC cards each
Lan A 192.168.20/24
Lan B 192.168.30/24

ignoring WAN interface and trying to link opt1 on both monowalls to route packets from both lan subnets to each other but can't seem to do it.
Tried firewall rules and static routes but can't seem to do it.
Tried the WAN interface and subnet A can't see subnet B or vice versa.

Anybody any ideas

Thanks

Elad
« Reply #1 on: April 21, 2008, 15:07:01 »
markb ****
Posts: 331

Not quite sure what you are trying.  Can you provide a diagram?
« Reply #2 on: April 22, 2008, 00:17:25 »
dnn *
Posts: 19

@markb: I think he tries to connect 2 nets, both with a m0n0wall as gateway/router and a link between the opt1 of both m0n0walls, so only the traffic to/from those subnets is routed over this link and not over VPN.

What rules (firewall and static routes) do you have exactly set?
What IP does the OPT1 of lan1's/lan2's m0n0wall have?
« Reply #3 on: May 16, 2008, 07:07:26 »
knightmb ****
Posts: 341

Trying to simulate a site to site link on a virtual server.
two Windows 2003 servers on a lan each with a monowall acting as a router

Using two Monowalls with 3 NIC cards each
Lan A 192.168.20/24
Lan B 192.168.30/24

ignoring WAN interface and trying to link opt1 on both monowalls to route packets from both lan subnets to each other but can't seem to do it.
Tried firewall rules and static routes but can't seem to do it.
Tried the WAN interface and subnet A can't see subnet B or vice versa.

Anybody any ideas

Thanks

Elad

Sounds like you need IPSec for this, meaning you have two sites in physically separate locations, but they both have a common internet connection? IPSec would solve all of this, and with a simple firewall rule you can make sure those two servers can only communicate with each other (cut out their Internet access, for example).

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #4 on: May 21, 2008, 21:25:06 »
cjc1103 *
Posts: 2

I don't think IPSec is what he wanted.  But even if IPSec is desired, you have to have connectivity between the networks first.

You need a static route on each side to tell m0n0 where to go to get to the other network.

.20.0/24 === LANa | m0n0 a | OPT1a <==.10.0/24==> OPT1b | m0n0 b | LANb === .30.0/24

static routes (substitute appropriate IP addresses for the OPT1a and OPT1b interfaces)
(m0n0 a)  if=OPT1a   192.168.30.0/24  gateway=OPT1b
(m0n0 b)  if=OPT1b   192.168.20.0/24  gateway=OPT1a

You also should create a firewall rule for both sides to pass the traffic you need.  For testing, pass all traffic between the two networks.
OPT1 pass all any to any
LAN pass all any to any (this is a default rule created by m0n0)

If you don't have an Ethernet hub/switch on the OPT1 .10.0/24 network, you will need to use a crossover Ethernet cable.  Check the Diagnostics/Interfaces page on each m0n0wall to verify the link is up.  You will have to reboot or clear the firewall state when changing firewall rules for established connections.  This last bit cost me hours of troubleshooting before I discovered my changes weren't being implemented, even though they were listed.

I hope that's clear enough.  Draw yourself a diagram of your network, and label ports and IP addresses; that helps.

Chris
« Last Edit: May 24, 2008, 13:12:05 by cjc1103 »
« Reply #5 on: May 22, 2008, 09:46:41 »
cjc1103 *
Posts: 2

Just another note on static routes.  m0n0wall assigns static routes to a particular interface, but they only work if they are on the interface that faces the next hop.  This part took me a while to figure out.  In the above example, you must set the static route on the OPT1 interface, because that is the interface the packets have to go out on to reach the next hop.

I have a m0n0wall to m0n0wall test network, using the OPT1 interfaces to connect them, and that worked for me.   One m0n0wall is connected to the internet on the WAN interface, the second m0n0wall is not.  Watch out for the default route on the second m0n0wall; it can mask static route problems.  If you cannot reach one network from another, a diagram with the network components labelled with interfaces and IP addresses helps keep everything straight.  Log all firewall rules until you figure out where the packets are being blocked.

Chris
« Last Edit: May 24, 2008, 13:31:48 by cjc1103 »
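The two replies above describe the routing logic in words: each m0n0wall needs a static route for the far subnet bound to its OPT1 interface, with the other box's OPT1 address as gateway, and a default route on the box with Internet access can hide a missing static route. The following is an added example (not code from m0n0wall or from anyone in this thread) that models Chris's diagram as a small longest-prefix-match route table and traces a packet from LAN A to LAN B with and without the static routes. The interface addresses 192.168.20.1, 192.168.30.1, 192.168.10.1/2 and the WAN addresses in 203.0.113.0/24 are constructed for the example; the rule that a gateway must lie on the subnet of the interface the route is bound to is a simplification of the "route must face the next hop" point.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Interface:
    name: str
    address: IPv4Address
    network: IPv4Network


@dataclass
class Route:
    dest: IPv4Network
    iface: str
    gateway: Optional[IPv4Address]  # None means directly connected


class Router:
    """Minimal model of a m0n0wall's interfaces and routing table (constructed)."""

    def __init__(self, name: str, interfaces: List[Interface]):
        self.name = name
        self.interfaces = {i.name: i for i in interfaces}
        # every configured interface contributes a connected route
        self.routes = [Route(i.network, i.name, None) for i in interfaces]

    def add_static_route(self, dest: str, iface: str, gateway: str) -> None:
        """Bind a static route to an interface; the gateway must be on that interface's subnet."""
        gw = ip_address(gateway)
        intf = self.interfaces[iface]
        if gw not in intf.network:
            raise ValueError(f"{self.name}: gateway {gw} is not on {iface} ({intf.network})")
        self.routes.append(Route(ip_network(dest), iface, gw))

    def lookup(self, dst: IPv4Address) -> Optional[Route]:
        """Longest-prefix match; a /0 default route only wins when nothing else matches."""
        matches = [r for r in self.routes if dst in r.dest]
        return max(matches, key=lambda r: r.dest.prefixlen, default=None)

    def owns(self, addr: IPv4Address) -> bool:
        return any(i.address == addr for i in self.interfaces.values())


def trace(src: str, dst: str, routers: List[Router], max_hops: int = 8) -> Tuple[str, List[str]]:
    """Follow a packet router by router and report where it ends up."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    current = next(r for r in routers for i in r.interfaces.values() if src_ip in i.network)
    path: List[str] = []
    for _ in range(max_hops):
        route = current.lookup(dst_ip)
        if route is None:
            path.append(f"{current.name}: no route to {dst_ip}")
            return "no route", path
        path.append(f"{current.name} -> {route.iface}")
        if route.gateway is None:
            return "delivered", path  # destination is on a directly connected subnet
        nxt = next((r for r in routers if r.owns(route.gateway)), None)
        if nxt is None:
            path.append(f"next hop {route.gateway} is outside the modelled network")
            return "left network", path
        current = nxt
    return "loop", path


def build_lab(with_static_routes: bool) -> List[Router]:
    """Chris's diagram: LANa | m0n0 a | OPT1a <== .10.0/24 ==> OPT1b | m0n0 b | LANb."""
    a = Router("m0n0 a", [
        Interface("LAN", ip_address("192.168.20.1"), ip_network("192.168.20.0/24")),
        Interface("OPT1a", ip_address("192.168.10.1"), ip_network("192.168.10.0/24")),
        Interface("WAN", ip_address("203.0.113.2"), ip_network("203.0.113.0/24")),
    ])
    a.add_static_route("0.0.0.0/0", "WAN", "203.0.113.1")  # only site A has Internet
    b = Router("m0n0 b", [
        Interface("LAN", ip_address("192.168.30.1"), ip_network("192.168.30.0/24")),
        Interface("OPT1b", ip_address("192.168.10.2"), ip_network("192.168.10.0/24")),
    ])
    if with_static_routes:
        a.add_static_route("192.168.30.0/24", "OPT1a", "192.168.10.2")
        b.add_static_route("192.168.20.0/24", "OPT1b", "192.168.10.1")
    return [a, b]


def misbound_route_rejected() -> bool:
    """Binding the route to LAN instead of OPT1 is the mistake Reply #5 warns about."""
    a = build_lab(False)[0]
    try:
        a.add_static_route("192.168.30.0/24", "LAN", "192.168.10.2")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for flag in (False, True):
        lab = build_lab(flag)
        print("static routes:", flag)
        print("  A->B", trace("192.168.20.50", "192.168.30.50", lab))
        print("  B->A", trace("192.168.30.50", "192.168.20.50", lab))
    print("misbound route rejected:", misbound_route_rejected())
```

Without the static routes the A-to-B packet is not dropped but silently sent out WAN to the default gateway, which is exactly how a default route masks the missing route on the box that has Internet access; the reply from B has no route at all. With both static routes bound to the OPT1 interfaces the trace completes in both directions. Firewall rules and state clearing are not modelled here; on the real box those still have to pass the traffic once routing is correct.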