Firewall/NAT

I have stumbled over a really strange problem that I do not know how to fix.

Setup:

Client <- (wireless) -> WRT54G (LAN) <- cable -> Switch <- cable -> m0n0wall <- cable -> Internet

The switch has some other clients that can reach Internet without problems.

The Client however can not. At least not until I manually ping the client from m0n0wall.
it doesn't work if I ping it from another client connected to the switch.

My main suspect is the WRT54G unit, but the LAN is connected to the LAN port and the WAN port
is not used at all. And, when I used a Windows 2003 server in the very same place as the
m0n0wall, it was working all the time.

Any ideas on things I can try?

I have stumbled over a really strange problem that I do not know how to fix.

Setup:

Client <- (wireless) -> WRT54G (LAN) <- cable -> Switch <- cable -> m0n0wall <- cable -> Internet

The switch has some other clients that can reach Internet without problems.

The Client however can not. At least not until I manually ping the client from m0n0wall.
it doesn't work if I ping it from another client connected to the switch.

My main suspect is the WRT54G unit, but the LAN is connected to the LAN port and the WAN port
is not used at all. And, when I used a Windows 2003 server in the very same place as the
m0n0wall, it was working all the time.

Any ideas on things I can try?

Sounds like you need the ping to activate a route, which normally should not be necessary. I've seen this problem when you are joining two separate subnets through a gateway when there is another subnet junction between yet another gateway at the end.

Going by your setup, it should be a straight shot all the way with one route. So the next test you could try is fiddling with the MTU settings of the client as an experiment. Start with 1300 for example. It's possible that the large packets are dieing in transit and thus the route never gets established, but the ping since it's small, gets the route going, then the larger packets fall in line.

Just my guess, I've seen stranger things before.

Interesting! One thing that directly struck my mind when I read your post is that I changed the subnet of the entire network (to be able to connect it to another "m0n0wall-network" later on).
I changed it from x.x.1.0/24 to x.x.2.0/24

Even though the WRT54G has all services disabled, the gray-out settings for the DHCP server wants to give out IPs to the x.x.1.0 subnet.

I will try the MTU-setting and factory reset the WRT54G

Thanks for your quick reply!

[knightmb]

I tried the MTU settings but it didn't fix it for me unfortunately.

I upgraded the firmware in the WRT54G unit to the latest, still not working.

I swapped the IPs of m0n0wall and the WRT54G:
m0n0: x.x.2.1 to x.x.2.2
WRT54G: x.x.2.2 to x.x.2.1
and that seemed to have fixed it. I have no idea why and I'm not going to make any guesses either. I blame the WRT54G though, because using a x.x.x.1 IP with m0n0wall is working really well for me elsewhere.

Thanks for the support knightmb!

No problem, at least you didn't have to swap out any hardware. A few simple configuration changes is years better than playing around with hardware trying to resolve an issue.

I have no idea why that would work either since it's just a number changing from 1 to 2. Networking is funny that way.

Glad to hear you found a solution though!

I have a similar issue using monowall in hyperv

My lan clients cannot get internet until i ping the LAN IP of the hyperv host from the monowall console

JK