Hello,
I've got the following problem:
We've got a netgear router as outgoing firewall/router to the internet. Behind the netgear router we've placed a monowall as a secondary firewall. The LAN-port of the netgear is 192.168.10.1; the WAN-port of the monowall is 192.168.10.2
We've got a DMZ (192.168.1.0/24) and a LAN (192.168.0.0/24) behind the monowall.
This setting works without any problems.
The netgear router is the endpoint of a VPN-IPSEC-tunnel over the internet to another LAN with subnet 192.168.20.0/24. We tested ping and remote desktop from workstation 192.168.0.23 and could access 192.168.20.3, but it doesn't work the other way round.
The netgear router routes 192.168.0.0/24 and 192.168.1.0/24 to the monowall (192.168.10.2). This works, because we could ping 192.168.10.2 from 192.168.20.3.
Our main goal is that all machines on 192.168.20.0/24 are able to access 192.168.0.0/24 (monowall LAN) and 192.168.1.0/24 (monowall DMZ) without restrictions.
To establish this we used the monowall rule on WAN Proto:* Source:192.168.20.0/24 Port:* Destination:LAN net Port:*
We could see that this rule matches when we enabled logging for it.
Unfortunately no service works.
When we add a specific inbound NAT, e.g. 22, for a specific target machine SSH works fine. But that's not our goal.
Best regards
FordPrefect