Topic: Monowall Firewall/Routing Problems - Help!!!
« on: August 13, 2008, 06:55:00 »
Dafecat *
Posts: 7

I've setup the following circuit as outlined in the diagram.

Before the VPNs were inserted, this configuration used to work fine.
Now that I've added the VPNs and inserted a gateway in each PC that points at the VPN LANs, I cannot ping across the entire path anymore.

The Blue path shows that I can now ping everything up to and including the furthest VPN WAN.  I cannot ping to the furthest VPN LAN side though.
The Red path shows exactly the same but from the reverse direction.  (This does look to me like a Firewall Block).

The only settings I've altered inside Monowall are:
  a)  LAN Interface addressing (as shown)
  b)  WAN Interface (set to a "Static IP" with address as shown)
  c)  User Login and Timezone.

The IPsec is disabled at present.  (I am wanting to get my pings working through the firewall before I enable the IPSec.)

Does anybody know why I cannot see through the furthest VPN's WAN to the LAN?

Monowall has WAN & LAN rules enabled by default which allows all traffic to pass.  Supposedly making the VPN usable out of the box (Although it wouldn't be providing much security).

Any suggestions please.


* Attachment: Online PON Query.JPG (57.62 KB, 857x703)
« Reply #1 on: August 19, 2008, 11:03:53 »
markb ****
Posts: 331

I'm not quite sure what you are doing when you mention VPN in the diagram, but from what you say, I think that you are saying that the VPN devices are Mono boxes with 2 cards in and a default installation.  If this is the case, you will need to do several changes to the Mono box.

    1. Disable NAT.  Mono comes with NAT enabled by default. You need to enable advanced NAT which will remove the automatic NAT rules.
    2. Uncheck the "Block Private Addresses" at the bottom of the WAN interface config page. (I think this is on by default)
    3. Add a rule in the WAN to pass the traffic you want.

This will need to be done on both boxes.

I have to ask though, what are you trying to achieve?  Do I understand that you are going to link the 2 subnets with an ipsec VPN between the 2 Mono boxes to give a secure connection between the 2 subnets?  If so, why are you trying to get the 2 subnets talking to each other without the VPN?  You will only have to change the config again when you create the tunnel.  If this is what you are trying to achieve, all you need is for the 2 mono boxes to talk to each other, and then set up the VPN tunnel.  In fact you don't want to have the 2 subnets talking directly, you want to use the tunnel.

Hope this helps.
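A way to check the three default settings from this reply against a two-box lab like the one in the thread, as an added example that is not part of the original post or of m0n0wall itself. The box names, LAN subnets and WAN link addresses are constructed stand-ins for the ones in the diagram, and the default-deny inbound WAN behaviour is assumed as this reply describes it.

```python
import ipaddress
from dataclasses import dataclass, field

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network

@dataclass
class M0n0wall:
    """One m0n0wall box with the three settings Reply #1 says must change."""
    name: str
    lan: Net
    wan_ip: IPv4
    nat_enabled: bool = True            # default: automatic outbound NAT on
    block_private_on_wan: bool = True   # default per Reply #1
    wan_pass_from: list = field(default_factory=list)  # source nets a WAN rule passes

def diagnose_ping(near: M0n0wall, far: M0n0wall, src_pc: IPv4, dst_pc: IPv4) -> list:
    """Reasons an echo request src_pc -> dst_pc is broken or dropped on the way
    in at `far`. Returns [] when the request would reach dst_pc untouched."""
    reasons = []
    # Automatic outbound NAT on the near box hides src_pc behind near.wan_ip,
    # so the far box and its LAN never see the real LAN address.
    seen_src = near.wan_ip if near.nat_enabled else src_pc
    if near.nat_enabled:
        reasons.append(f"{near.name}: outbound NAT rewrites {src_pc} to {seen_src}")
    # 'Block private addresses' drops RFC1918 sources on WAN; in this lab the
    # WAN link itself is private, so it drops every inbound packet.
    if far.block_private_on_wan and seen_src.is_private:
        reasons.append(f"{far.name}: WAN 'Block private addresses' drops {seen_src}")
    # WAN is default-deny inbound: without a pass rule matching the source the
    # request never reaches the far LAN.
    if not any(seen_src in net for net in far.wan_pass_from):
        reasons.append(f"{far.name}: no WAN rule passes source {seen_src}")
    if dst_pc not in far.lan:
        reasons.append(f"{far.name}: {dst_pc} is not on its LAN {far.lan}")
    return reasons

# Constructed lab: two LANs joined by a private WAN link (192.168.100.0/24).
box_a = M0n0wall("VPN-A", Net("10.0.1.0/24"), IPv4("192.168.100.1"))
box_b = M0n0wall("VPN-B", Net("10.0.2.0/24"), IPv4("192.168.100.2"))
pc_a, pc_b = IPv4("10.0.1.10"), IPv4("10.0.2.10")

if __name__ == "__main__":
    for r in diagnose_ping(box_a, box_b, pc_a, pc_b):
        print(r)   # three findings with the defaults
```

Applying all three changes from the reply (NAT off, private addresses unblocked, a WAN rule passing the far LAN) empties the list; fixing only one of them still leaves the other findings.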
« Reply #2 on: August 22, 2008, 20:19:07 »
Dafecat *
Posts: 7

Hey there, thanks for the reply.

Yes, the intention was to get the two subnets talking to each other over the IPSec tunnel.

I have now got this circuit operational.  I've got no rules on my WAN, just my IPSec tunnel.
I have got rules programmed in my Firewall NAT settings; when I remove them, the tunnel stops working.
