I have a somewhat peculiar situation: LAN1 is 192.168.17.0/24, LAN2 is 192.168.49.0/24.
MonoWall is in LAN1, at 192.168.17.2, and is its main router. It has a route: 192.168.49 192.168.17.44 UGS 0 11 em0. em0 is the LAN1 interface.
192.168.17.44 has a PPTP tunnel to LAN2, and has routing properly set up.
I can ping from LAN1 to LAN2.
Pinging from LAN2 to LAN1 fails miserably to hosts other than 192.168.17.44 (i.e. the VPN client) and 192.168.17.2 (i.e. monowall), even though I have a rule set up to allow LAN->LAN. I have a feeling the failure is because I see in the monowall log: DENY 00:10:12.930239 LAN 192.168.17.10 192.168.49.150, type echoreply/0 ICMP
More precisely, from status.php, when trying to ping 192.168.17.10 from 192.168.49.150:
Dec 8 00:15:55 router ipmon[100]: 00:15:54.818116 em0 @100:5 b 192.168.17.10 -> 192.168.49.150 PR icmp len 20 60 icmp echoreply/0 IN
Dec 8 00:15:56 router ipmon[100]: 00:15:56.318318 em0 @100:5 b 192.168.17.10 -> 192.168.49.150 PR icmp len 20 60 icmp echoreply/0 K-S K-F IN
Dec 8 00:15:58 router ipmon[100]: 00:15:57.826438 em0 @100:5 b 192.168.17.10 -> 192.168.49.150 PR icmp len 20 60 icmp echoreply/0 K-S K-F IN
where this is the rule in rule block 100: @5 pass in log first quick from any to any keep state keep frags group 100
Strangely, I can, after some time, ping 192.168.17.4 and 192.168.17.5 from 192.168.49.150.
I am at a bit of a loss as to why, though...
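Added example (not part of the original post): a small Python parser for ipmon lines in the format quoted above, which flags blocked echo replies for which the firewall never logged the corresponding echo request. Such orphan replies are the signature of an asymmetric path, where the request reached the host without passing the firewall, so no state exists when the reply shows up. The three blocked lines are the ones from the post; the passing echo request for 192.168.17.5 is a constructed line.

```python
import re
from dataclasses import dataclass

# ipmon ICMP log line, e.g.
# "... ipmon[100]: 00:15:56.318318 em0 @100:5 b A -> B PR icmp len 20 60 icmp echoreply/0 K-S K-F IN"
IPMON_RE = re.compile(
    r"ipmon\[\d+\]: (?P<ts>\S+) (?P<iface>\S+) @(?P<rule>\S+) (?P<action>[pb]) "
    r"(?P<src>\S+) -> (?P<dst>\S+) PR icmp len \d+ \d+ icmp "
    r"(?P<itype>\w+)/(?P<icode>\d+)(?P<flags>(?: K-\w)*) (?P<dir>IN|OUT)$"
)

@dataclass
class IcmpEvent:
    ts: str
    iface: str
    rule: str
    blocked: bool       # 'b' = blocked, 'p' = passed
    src: str
    dst: str
    itype: str          # "echo" or "echoreply"
    keep_state: bool    # K-S flag present

def parse_ipmon_icmp(line):
    """Parse one ipmon ICMP line; return None for lines in another format."""
    m = IPMON_RE.search(line.strip())
    if not m:
        return None
    return IcmpEvent(m["ts"], m["iface"], m["rule"], m["action"] == "b",
                     m["src"], m["dst"], m["itype"], "K-S" in m["flags"])

def find_orphan_replies(lines):
    """Return sorted (reply_src, reply_dst) pairs for blocked echo replies
    with no logged echo request in the opposite direction."""
    events = [e for e in map(parse_ipmon_icmp, lines) if e]
    requests_seen = {(e.src, e.dst) for e in events if e.itype == "echo"}
    orphans = {(e.src, e.dst) for e in events
               if e.itype == "echoreply" and e.blocked
               and (e.dst, e.src) not in requests_seen}
    return sorted(orphans)

# Constructed sample: first line is a made-up passed request for 192.168.17.5,
# the remaining three are the blocked replies quoted in the post.
SAMPLE_LOG = """\
Dec 8 00:15:50 router ipmon[100]: 00:15:50.100000 em0 @100:5 p 192.168.49.150 -> 192.168.17.5 PR icmp len 20 60 icmp echo/0 IN
Dec 8 00:15:55 router ipmon[100]: 00:15:54.818116 em0 @100:5 b 192.168.17.10 -> 192.168.49.150 PR icmp len 20 60 icmp echoreply/0 IN
Dec 8 00:15:56 router ipmon[100]: 00:15:56.318318 em0 @100:5 b 192.168.17.10 -> 192.168.49.150 PR icmp len 20 60 icmp echoreply/0 K-S K-F IN
Dec 8 00:15:58 router ipmon[100]: 00:15:57.826438 em0 @100:5 b 192.168.17.10 -> 192.168.49.150 PR icmp len 20 60 icmp echoreply/0 K-S K-F IN
"""

if __name__ == "__main__":
    print(find_orphan_replies(SAMPLE_LOG.splitlines()))
```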