Topic: Help with settings  (Read 2003 times)
« on: April 09, 2010, 16:55:40 »
divix3 *
Posts: 3

I have a small issue with my settings. Here is what I am trying to do. My company has guest wireless access points around the building and they have decided to have something like Monowall in order to let the users know what they are accessing. So we have cable modem (68.198.xxx.xx)/Cisco ASA 5500 as firewall and DHCP (192.168.x.xxx)/internal Cisco switch (internal IP 10.1.x.xxx/internal IP 192.168.x.xxx)/wireless access points (192.168.x.x). I have disabled the DHCP setting on Monowall in order for the ASA 5500 to perform the job of DHCP, but still the users are not able to obtain IPs for their laptops. Any help would be appreciated. Thanks,
« Reply #1 on: April 09, 2010, 18:52:56 »
SteveEast *
Posts: 30

I think you may need to enable the DHCP relay.

Steve.
« Reply #2 on: April 09, 2010, 19:12:55 »
divix3 *
Posts: 3

Hi Steve,

Here are my current settings:

<?xml version="1.0" ?>
<m0n0wall>
  <version>1.8</version>
  <lastchange>1270759495</lastchange>
  <system>
    <hostname>internetgateway</hostname>
    <domain>test.org</domain>
    <username>admin</username>
    <password>$1$peYxnh76$mbl5cefK/d6PfNsUuOVrO.</password>
    <timezone>America/New_York</timezone>
    <time-update-interval>300</time-update-interval>
    <timeservers>0.m0n0wall.pool.ntp.org</timeservers>
    <webgui>
      <protocol>http</protocol>
      <port />
      <certificate></certificate>
      <private-key></private-key>
    </webgui>
    <dnsserver>192.168.2.2xx</dnsserver>
    <dnsallowoverride />
  </system>
  <interfaces>
    <lan>
      <if>sis0</if>
      <ipaddr>192.168.2.x</ipaddr>
      <subnet>24</subnet>
      <media />
      <mediaopt />
    </lan>
    <wan>
      <if>dc0</if>
      <blockpriv />
      <media />
      <mediaopt />
      <ipaddr>192.168.2.x</ipaddr>
      <subnet>31</subnet>
      <gateway>192.168.2.2xx</gateway>
      <spoofmac />
    </wan>
  </interfaces>
  <staticroutes />
  <pppoe />
  <pptp />
  <dyndns>
    <type>dyndns</type>
    <username />
    <password />
    <host />
    <mx />
    <server />
    <port />
  </dyndns>
  <dnsupdate />
  <dhcpd>
    <lan>
      <range>
        <from>192.168.2.102</from>
        <to>192.168.2.200</to>
      </range>
      <defaultleasetime>10800</defaultleasetime>
      <maxleasetime>86000</maxleasetime>
      <next-server />
      <filename />
    </lan>
  </dhcpd>
  <pptpd>
    <mode />
    <nunits>16</nunits>
    <redir />
    <localip />
    <remoteip />
  </pptpd>
  <dnsmasq>
    <enable />
  </dnsmasq>
  <snmpd>
    <syslocation />
    <syscontact />
    <rocommunity>public</rocommunity>
  </snmpd>
  <diag />
  <bridge />
  <syslog />
  <nat>
    <portrange-low />
    <portrange-high />
    <advancedoutbound>
      <enable />
    </advancedoutbound>
  </nat>
  <filter>
    <rule>
      <type>pass</type>
      <descr>Default LAN -> any</descr>
      <interface>lan</interface>
      <source>
        <network>lan</network>
      </source>
      <destination>
        <any />
      </destination>
    </rule>
    <rule>
      <type>pass</type>
      <descr>Default IPsec VPN</descr>
      <interface>ipsec</interface>
      <source>
        <any />
      </source>
      <destination>
        <any />
      </destination>
    </rule>
    <tcpidletimeout />
  </filter>
  <shaper />
  <ipsec>
    <dns-interval />
  </ipsec>
  <aliases />
  <proxyarp />
  <wol />
  <captiveportal>
    <page>
      <htmltext></htmltext>
    </page>
    <timeout>60</timeout>
    <interface>lan</interface>
    <maxproc />
    <idletimeout>10</idletimeout>
    <auth_method>none</auth_method>
    <reauthenticateacct />
    <httpsname />
    <certificate />
    <private-key />
    <logoutwin_enable />
    <bwdefaultdn />
    <bwdefaultup />
    <redirurl>http://www.mypage.com</redirurl>
    <radiusip />
    <radiusip2 />
    <radiusport />
    <radiusport2 />
    <radiusacctport />
    <radiuskey />
    <radiuskey2 />
    <radiusvendor>default</radiusvendor>
    <radmac_format>default</radmac_format>
    <user>
      <name>test</name>
      <fullname>Test</fullname>
      <expirationdate />
      <password>aa4bbe632574e4a96cddc259086b20dc</password>
    </user>
    <enable />
    <element>
      <name>rcs.jpg</name>
      <size>4303</size>
      <content></content>
    </element>
  </captiveportal>
  <dhcrelay>
    <server>192.168.2.2xx</server>
    <lan>
      <enable />
    </lan>
  </dhcrelay>
</m0n0wall>

And as you can see, I have enabled DHCP relay. Also, my Monowall box sits between the Cisco ASA and the internal switch. Is this the right place for the box?

Thanks,
Alan
« Reply #3 on: April 10, 2010, 01:18:34 »
SteveEast *
Posts: 30

Sorry, I just thought setting up the relay might be something you missed. It's quite hard to understand your config with all the .xx stuff in it. Not really a lot of point blanking out private IP addresses - you're not giving anything away.

Is your WAN address (192.168.2.x) really meant to be in your LAN (192.168.2.x/24)?

Steve.
« Reply #4 on: April 10, 2010, 01:21:49 »
Fred Grayson *****
Posts: 994

........
Is your WAN address (192.168.2.x) really meant to be in your LAN (192.168.2.x/24)?

Bingo, that's a problem - no interface network overlaps are allowed.

--
Google is your friend and Bob's your uncle.
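
The rule stated in the reply above (no two interfaces may be on overlapping networks), as an added example that is not part of the thread or of m0n0wall itself: a Python check over the `<interfaces>` section of a config laid out like the one posted. The sample configs are constructed, with made-up octets in place of the masked `x` values.

```python
import ipaddress
import xml.etree.ElementTree as ET
from itertools import combinations

# Constructed sample: same element layout as the posted config, with the
# masked octets replaced by made-up values so the addresses parse.
OVERLAPPING = """<m0n0wall>
  <interfaces>
    <lan><if>sis0</if><ipaddr>192.168.2.1</ipaddr><subnet>24</subnet></lan>
    <wan><if>dc0</if><ipaddr>192.168.2.2</ipaddr><subnet>31</subnet>
         <gateway>192.168.2.3</gateway></wan>
  </interfaces>
</m0n0wall>"""

# Constructed counter-example: the WAN moved to its own network.
SEPARATED = (OVERLAPPING
             .replace("192.168.2.2<", "192.168.1.2<")
             .replace("192.168.2.3<", "192.168.1.3<"))


def interface_networks(config_xml):
    """Map each statically addressed interface to the network it sits on."""
    nets = {}
    for iface in ET.fromstring(config_xml).findall("./interfaces/*"):
        addr, bits = iface.findtext("ipaddr"), iface.findtext("subnet")
        if not addr or not bits:
            continue  # no static address configured: nothing to compare
        try:
            nets[iface.tag] = ipaddress.ip_interface(f"{addr}/{bits}").network
        except ValueError:
            continue  # not a parsable address, e.g. a masked "192.168.2.x"
    return nets


def overlapping_interfaces(config_xml):
    """Return (iface_a, net_a, iface_b, net_b) for every overlapping pair."""
    nets = interface_networks(config_xml)
    return [(a, str(nets[a]), b, str(nets[b]))
            for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    for label, cfg in (("overlapping", OVERLAPPING), ("separated", SEPARATED)):
        clashes = overlapping_interfaces(cfg)
        print(label, "->", clashes if clashes else "no overlaps")
```

A /31 WAN inside a /24 LAN is reported because the smaller network is wholly contained in the larger one, which is the situation pointed out in the thread.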
« Reply #5 on: April 12, 2010, 17:36:48 »
divix3 *
Posts: 3

Thanks guys. I will change the WAN IP to, let's say, 192.168.1.1 and leave the LAN IP as 192.168.2.102. I am hoping that should solve my issue.
 