Topic: Access internal servers from VPN
« on: January 21, 2013, 19:35:57 »
fesarlis *
Posts: 7

Hi,
I have read all the docs regarding this issue. Still can't get it to work.

Let me try to describe our infrastructure. We have one rack of servers with routable IPs, the whole rack located behind monowall. So I've configured monowall as a filtered bridge as suggested (interfaces: WAN->IN, OPT1->OUT, LAN=Not used). Everything seems to work fine except one thing.

On this rack, we have some servers that do NOT have routable IPs. Instead they are all given IPs from 10.150.1.0/24 (in fact we use only the first 20 addresses of this subnet). My problem is that I cannot access those servers using monowall's PPTP server.

I have configured the PPTP server with an IP taken from this subnet (e.g. 10.150.1.100), and also using a different subnet. Still can't access any of those servers. Of course, before trying I opened all firewall access to all interfaces (LAN, WAN, PPTP, OPT1).

I would appreciate some help with this. Thank you.
« Last Edit: January 21, 2013, 19:38:28 by fesarlis »
« Reply #1 on: January 22, 2013, 07:23:33 »
Јаневски ***
Posts: 153

Use m0n0wall as a router, use unified address spaces and firewall rules to control network access, then set up PPTP; it should work without any problem. Use private address space and NAT for PPTP only if needed. The simpler the better; you won't have any problems.

« Reply #2 on: January 22, 2013, 08:50:07 »
fesarlis *
Posts: 7

Thank you. I really appreciate your response, yet it seems to me it cannot be considered very useful, since it just describes a general view of the whole system, and it is my understanding that I have already stated that I have a similar infrastructure up and running. I need help for a specific problem I am facing, and the automatic routing performed by monowall does not seem able to solve it. At the moment it is not an option to change the IPs of the servers in question, so I really need some help to make it work as it is now.
« Reply #3 on: January 22, 2013, 09:22:19 »
Јаневски ***
Posts: 153

Maybe you could try adding an additional interface and configuring it with an IP within the private address space range. At this point you could use NAT to connect from the PPTP to LAN, or configure routing information on the machines on that particular private local network.

In any case, back up the previous configuration in case something fails, so you can restore it right away. Direct machine access is a plus in such situations.
« Last Edit: January 22, 2013, 09:24:09 by Јаневски »

« Reply #4 on: January 29, 2013, 19:30:07 »
fesarlis *
Posts: 7

I've followed the approach you suggested, and got it to work via the LAN interface. My question is now the following:

Here is my infrastructure in general.

        INTERNET
            |
     MONOWALL SERVER
            |
     24-PORT SWITCH
            |
       SERVER RACK

Obviously I managed to gain access by connecting the LAN interface to the switch. I want to ask, does this compromise my system in any way? I mean, is there any way for an outsider to gain access to the system using the LAN interface? Would I make it safer if I apply rules to the WAN interface, and if so, what kind of rules?

thanks

Thanks
 