Installation

I'm new to Monowall, not to routers and networking in general.

I have a very simple setup that I am trying to accomplish and I'm probably missing something small.

I have two subnets: 192.168.1.x/24 (subnet A) and 192.168.169.x/24 (subnet b).  The hosts on subnet A need to be able to access a copier on subnet B. 

I have a soekris net4501 with three ports:  Lan, Wan and Opt1.  I have Subnet A plugged into the LAN port and assigned an address of 192.168.1.69.  I have Subnet B plugged into OPT1 and assigned an address of 192.168.169.69.  WAN is unassigned.

I created firewall rules on the LAN and OPT1 to allow all traffic. 

From the diagnostics, I can ping ping the gateways on both subnets.  192.168.1.1 and 192.168.169.1.  But, I cannot ping Subnet B from Subnet A, nor Subnet A from Subnet B.

This seems like this should be very easy, I feel like I'm missing something very simple.

Thanks in advcance for any support.

Not sure why you have created rules to allow all traffic if you only want a single host on one network to be accessible from the other network. But it's hard to say much without seeing the actual rules.

You may have to disable NAT on the interfaces as well.

Also, not having the WAN configured and in use may be a problem in general.

Also, I am confused with your addresses. You say you have assigned 192.168.1.69 and 192.168.169.69 to the LAN and OPT1 interfaces. Then you say you can ping the gateways on both subnets at 192.168.1.1 and 192.168.169.1. What and where are these "gateways."

We have two subnets:  A and B.  A and B both have connections to the internet, and thus have their own routers.  Inet traffic on A uses 192.168.1.1 as its gateway.  Inet traffic on B uses 192.168.169.1 as its gateway.  Thus, from the net4501, I can ping both gateways.

I could put subnet B in the WAN port and treat it like a WAN. 

We have two attorneys who want to share the same copier, but who for a variety of reasons do not want to be on the same network.

We want this router to all copier traffic only between the two networks.  Unfortunatly, we don't haven't got a list of protocols/ports from the copier rep yet.  So for now, all traffic will be ok.  We can tighten it later.

Something tells me one or more routing statements (static routes) are going to be needed somewhere, perhaps on those other routers.

I'm not positive, but I don't think m0n0wall will operate without a configured WAN interface, perhaps it can remain unused, but still configured.

A more tractable setup might be to put the printer on the m0n0wall WAN interface (don't forget to disable Block private networks on this interface) and create a third private network on that interface. Then use the LAN and OPT1 interfaces to connect to the other networks like you are probably trying now.

Also, I seem to remember this requirement coming up before. Was that you?

Not me.

So in the past I've a linux box with two nics to do this.  Its very simple to say all traffic from eth0 can can go to eth1 and so on. 

My thinking was that with monowall and a soekris, this would be just as easy, cheaper, and I could avoid having another box sitting the closet to do this one thing.

In essence all I want to do at this point is to let any host on A talk to any host on B over any protocal and visa versa.  Thats it.  I will use DCHP to push a static route to the workstatations.

This doesn't seem that complicated.

I couild just linux and do it that way, but it just seems that this should be simpler, quicker.

Not me.

So in the past I've a linux box with two nics to do this.  Its very simple to say all traffic from eth0 can can go to eth1 and so on.

That's one difference between a router, and a firewall that can also do routing.

Afraid I don't have any suggestions for you. It's probably doable. Maybe some of the other forum members will be able to help.

Some sort of labeled network diagram would eliminate a lot of questions.

This is a routing issue...  Right now you have;

Two gateways at 192.168.1.1 and 192.168.169.1
A funky bridge at 192.168.1.69 and 192.168.169.69
And two devices that need to speak at 192.168.1.25 and 192.168.169.25

The two devices have a default route of 192.169.x.1 and so when they try to see the other they go to the router at .1 and from there the router says "I don't have this in my route table" and send it to the Internet.  You need a static route in 192.168.1.1 of "192.168.169.1/24 gw192.168.1.69" and a static route in 192.168.169.1 of "192.168.1.1/24 gw192.168.169.69" to have them find each other.