Topic: Routing between LAN and OPT1 does not work
« on: January 09, 2009, 22:08:02 »
Dark-Sider *
Posts: 2

Hi,

Today I installed my net4801 with the most recent stable version of m0n0wall (1.235 I think).

The setup I'm using is quite simple:
LAN: 192.168.1.252/24
WAN: pppoe
OPT1: 172.17.189.82/30

I added one firewall rule in the OPT1 tab, to permit all source traffic from OPT1's network. (So OPT1 can send packets to LAN, at least I thought so.)

My first test was to go to m0n0's ping/traceroute tool and the IP 172.17.189.81 pinged just fine using the OPT1 interface.
The second test was to ping 172.17.189.82 (m0n0's OPT1 IP) from a LAN host (192.168.1.98) - success.
The third test was to ping 172.17.189.81 from the same LAN host (192.168.1.98) - fail. The pings just timed out.

In my effort to locate the problem I browsed through this forum and found some similar problems - some were resolved by checking that bypass filtering checkbox in the advanced tab - that didn't work for me.

I also upgraded to the most recent 1.3b15 release - no change.

What am I missing, since I did nothing more than set up OPT1 and add the one FW rule to permit OPT1-Net's traffic...

thanks for your help!

Bye
Fabian
« Reply #1 on: January 11, 2009, 12:13:07 »
Manuel Kasper
Administrator
*****
Posts: 364

Check whether the machine on OPT1 is really using 172.17.189.82 as its default gateway. Also, if you're pinging from LAN to OPT1, there has to be a rule on the LAN interface that permits this (the OPT1 rules are not relevant in that case). You could also try running tcpdump/Wireshark on the OPT1 host to see whether it's a case of the ICMP echo requests not coming in, or the replies not making it back to the LAN host.
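
The capture check suggested in the reply above, as an added example that is not part of the original thread: it classifies `tcpdump -e -n icmp` output taken on the OPT1 host into the cases the reply distinguishes. The capture lines and MAC addresses are constructed, and `diagnose`, `GATEWAY_MAC` and `VERDICTS` are hypothetical names.

```python
import re

# Constructed sample data: `tcpdump -e -n icmp` output as it could look on the
# OPT1 host. All MAC addresses are made up for this example.
GATEWAY_MAC = "00:00:24:aa:bb:01"   # assumed MAC of m0n0wall's OPT1 NIC (172.17.189.82)
LAN_HOST, OPT1_HOST = "192.168.1.98", "172.17.189.81"

SAMPLE = """\
12:13:07.100001 00:00:24:aa:bb:01 > 00:1b:0c:11:22:33, ethertype IPv4 (0x0800), length 98: 192.168.1.98 > 172.17.189.81: ICMP echo request, id 7, seq 1, length 64
12:13:07.100420 00:1b:0c:11:22:33 > 00:0c:41:de:ad:01, ethertype IPv4 (0x0800), length 98: 172.17.189.81 > 192.168.1.98: ICMP echo reply, id 7, seq 1, length 64
"""

LINE = re.compile(
    r"(?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4.*?: "
    r"(?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply)")

VERDICTS = {
    "no-request": "echo requests never reach the OPT1 host: check the LAN-interface rule",
    "no-reply": "requests arrive but the host sends no reply on this interface",
    "wrong-gateway": "replies leave, but not via 172.17.189.82: check the default gateway",
    "ok": "replies are handed to the firewall: look at the return path to the LAN host",
}

def diagnose(capture, gateway_mac=GATEWAY_MAC):
    """Classify a capture taken on the OPT1 host; returns a key of VERDICTS."""
    requests = replies = via_gateway = 0
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # skip lines that are not ICMP echo traffic
        pair = (m["src"], m["dst"])
        if m["kind"] == "request" and pair == (LAN_HOST, OPT1_HOST):
            requests += 1
        elif m["kind"] == "reply" and pair == (OPT1_HOST, LAN_HOST):
            replies += 1
            # The reply's destination MAC shows which next hop the host chose.
            via_gateway += m["dmac"] == gateway_mac
    if requests == 0:
        return "no-request"
    if replies == 0:
        return "no-reply"
    return "ok" if via_gateway == replies else "wrong-gateway"

if __name__ == "__main__":
    verdict = diagnose(SAMPLE)
    print(verdict, "-", VERDICTS[verdict])
```
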
« Reply #2 on: January 12, 2009, 13:21:08 »
Dark-Sider *
Posts: 2

Hi,

thanks for your answer. I did some more research and network sniffing (Wireshark is a really great tool).

It seems that there is some kind of misconfiguration in the .81 (Cisco) box for the VPN tunnel. The routing between LAN and OPT1 is fine, as I confirmed by adding some additional computers to OPT1's network.

I'm just curious what the problem finally is, since the Cisco router hasn't been changed for two years or so.

What I did change was to replace our old Linksys (White Russian img) with a Soekris with m0n0wall. Probably some MAC or ARP cache stuff...

I'm sure the guys at our ISP will figure the stuff out :-)

bye
Fabian
 