M0n0wall is installed on a Soekris NET4801 with the extra 4 port PCI card (total of 7 ethernet ports). I have the LAN port going to a switch. The WAN port goes to the aDSL MODEM. The first OPT port goes to my wireless AP. The second OPT port goes to my server.
I have a computer that runs Windows XP that I am using as a server. It has two network cards installed; one of them connects to the second OPT port of the router and the other card goes to the switch. I have the LAN port on the server set up with a manual IP address of 10.100.0.200 and a /24 mask. NO GATEWAY IS SET ON THIS INTERFACE! The connection to the router is set up with static DHCP; it is 10.200.0.200, /24 mask, and a gateway of 10.200.0.254, which is the router.
In the past I have tried to create firewall rules that would successfully isolate 10.100.0.200 from accessing the internet via the LAN interface. They never worked as I would have liked, which is why I do not have the gateway for that interface set. Due to this I am unable to access the server via the LAN IP from the wireless network (which is 10.100.1.0/24). I've been using the 10.200.0.200 address.
Just recently something has changed.... I can access 10.100.0.200 using Remote Desktop while I'm on the wireless. I used a packet sniffer and found out that the packet arrives at the 10.100.0.200 interface BUT somehow it leaves on the 10.200.0.200 interface as 10.100.0.200 AND M0n0wall allows it through!!!! The only rule on the 10.200.0.0/24 network is allow all from 10.200.0.200!! But yet 10.100.0.200 goes through the router back to my laptop. It even responds to echo requests and I can access the HTTP server. This is very bizarre in my opinion and it's only happened recently.
I have reflashed the compact flash card manually and restored the configuration and it still does it.
What I really would like is to have the 10.100.0.200 interface used solely for internal use (routed to the LAN and wireless only) and 10.200.0.200 for the internet connection of that computer. The computer is used for HTTP and NAS primarily.
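As an added illustration (not part of the original post), the check a defender would want on a capture like the one described: does each packet's source address belong to the subnet of the interface it entered the firewall on, and does the stated pass rule actually match it? The interface names, the simplified first-match rule model and the sample capture are assumptions and constructed data, not m0n0wall's own engine or real traffic.

```python
import ipaddress
from typing import List, Tuple

# Interface subnets as described in the post (interface labels are assumed).
INTERFACES = {
    "LAN": ipaddress.ip_network("10.100.0.0/24"),
    "OPT1_wifi": ipaddress.ip_network("10.100.1.0/24"),
    "OPT2_server": ipaddress.ip_network("10.200.0.0/24"),
}

# Pass rules per interface, modelled on "allow all from 10.200.0.200" on the
# server port. Simplified first-match pass list with implicit deny; this is
# a stand-in for illustration, not m0n0wall's rule engine.
PASS_RULES = {
    "OPT2_server": [ipaddress.ip_network("10.200.0.200/32")],
}

Record = Tuple[str, str, str]  # (ingress interface, source IP, destination IP)


def rules_pass(iface: str, src: str) -> bool:
    """True if a pass rule on the ingress interface matches the source address."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in PASS_RULES.get(iface, []))


def off_subnet_sources(records: List[Record]) -> List[Record]:
    """Flag packets whose source address is not in the subnet of the interface
    they entered on. The post's case, 10.100.0.200 arriving on the 10.200.0.0/24
    port, is exactly what this anti-spoofing style check catches."""
    return [(iface, src, dst) for iface, src, dst in records
            if ipaddress.ip_address(src) not in INTERFACES[iface]]


# Constructed sample capture (not real traffic), modelled on the symptom.
SAMPLE: List[Record] = [
    ("OPT1_wifi", "10.100.1.50", "10.100.0.200"),     # laptop to server's LAN address
    ("OPT2_server", "10.100.0.200", "10.100.1.50"),   # reply leaves server port with LAN source
    ("OPT2_server", "10.200.0.200", "203.0.113.10"),  # normal server traffic (TEST-NET-3 dest)
]

if __name__ == "__main__":
    for rec in off_subnet_sources(SAMPLE):
        print("off-subnet source:", rec, "matches pass rule:", rules_pass(rec[0], rec[1]))
```

The second record is the one the post describes: under the rule as stated it matches no pass rule, and the subnet check flags it regardless of how the rules are ordered.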