Topic: M0n0WALL routing between VMware host-only subnets
« on: September 24, 2013, 00:32:56 »
nzguy *
Posts: 2

I'm not a network guy and I'm having trouble understanding how to set this up; I'm labbing some network stuff. Or trying to.

VMware Workstation
VMnet1 - hostonly 172.16.21.0 (gw=.2)   "Production network"
VMnet2 - hostonly 172.16.24.0 (gw=.2)   "Acceptance network"
VMnet3 - hostonly 172.16.20.0 (gw=.2)   "DMZ network"
VMnet8 - hostonly 172.16.25.0 (gw=.2)   "System Test network"
*** ignore VMnet8 for now

I have a M0n0WALL VM with four interfaces, one on each network;
LAN - em1 - VMnet1 - 172.16.21.5
WAN - em0 - VMnet3 - 172.16.20.5
OPT1 - em2 - VMnet2 - 172.16.24.5
OPT2 - em3 - VMnet8 - 172.16.25.5
*** ignore OPT2 for now.

I have Domain Controller on 172.16.21.10 on VMnet1 [LAN]
I have a standalone non-domain server on 172.16.24.100 on VMnet2 [OPT1]

I need all machines on OPT1 to be able to access machines on the LAN without restriction (i.e. routed, not firewalled or NAT'd) [I need to join the domain, access file shares, DNS, etc.]
Likewise, I need all machines on LAN to access machines on OPT1
All machines in all networks need to be able to access the Internet (via the WAN interface)
DNS is provided by the Domain Controller (which forwards to Internet-based DNS servers)

I've tried a multitude of firewall rules and static routes but simply cannot seem to get what I need.
In fact, though I have managed to get the DC out to the Internet, I haven't been able to get the server on the OPT network to ping anything at all, even the OPT interface itself.
Any help would be greatly appreciated.

My current 'rules' are:
Static routes - none
NAT rules - none
FW rules:   Tab - Proto / Source / Port / Dest / Port
LAN - * / LAN net / * / ACCEPT net / *
LAN - * / LAN net / * / *
WAN - * / * / * / * / *
ACCEPT - * / ACCEPT net / * / LAN net / *
ACCEPT - * / ACCEPT net / * / *

Again, I'm ignoring OPT2/SYSTEM TEST for now until I get OPT1 / ACCEPT working



« Reply #1 on: September 24, 2013, 01:35:55 »
nzguy *
Posts: 2

Hmm, don't usually reply to my own posts, but I believe I now have this working.

In VMware Workstation: networks as stated in my original post
On the M0n0WALL VM: network adapters as stated in my original post
All subnets and IP addresses everywhere are specified with a /24 subnet mask


I reset the M0n0WALL to factory defaults and started again.
On the VM console:
   -  I set the LAN IP address to 172.16.21.5 / 24
   -  I set the interfaces for each network (em1 = LAN, em0 = WAN, etc)
On the M0n0WALL web GUI:
   -  I set / checked the LAN interface
   -  I set the WAN interface to 'static', 172.16.20.5, gateway = 172.16.20.2
   -  I enabled and configured the OPT1 and OPT2 interfaces (*not* bridged to anything)
   -  There are no static routes configured
   -  There are no NAT rules configured
   -  I configured the following f/w rules
Interface / Protocol / Source / Port / Destination / Port
LAN / * / LAN / * / * / *
WAN / <none; no rules configured>
OPT1 / * / OPT1 / * / * / *
OPT2 / * / OPT2 / * / * / *

Result:
LAN Domain Controller 172.16.21.5 can ping the OPT1 server on 172.16.24.100
The OPT1 server was able to join the domain
The Domain Controller can do Windows Updates (i.e. get to the Internet)
The OPT1 server can do Windows Updates (i.e. get to the Internet) (getting DNS from the DC)

That's it. I have no idea why this worked this time and not before as I am pretty certain it worked ok before.
Ah well ... works now ... hope this helps someone else.

Cheers
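
The rule table from Reply #1, checked with a small model (an added example, not part of the original posts and not m0n0wall code). It assumes rules are matched on the interface where a connection enters, first match wins, and unmatched traffic is blocked; `evaluate`, `ingress_interface`, `matches` and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress

# Interface subnets from the thread (all /24, as the poster states).
NETS = {
    "LAN":  ipaddress.ip_network("172.16.21.0/24"),
    "WAN":  ipaddress.ip_network("172.16.20.0/24"),
    "OPT1": ipaddress.ip_network("172.16.24.0/24"),
    "OPT2": ipaddress.ip_network("172.16.25.0/24"),
}

# Pass rules from Reply #1 as (interface, source, destination); "*" means any.
# The WAN tab has no rules, so it contributes no entries.
RULES = [
    ("LAN", "LAN", "*"),
    ("OPT1", "OPT1", "*"),
    ("OPT2", "OPT2", "*"),
]

def ingress_interface(src):
    """Interface whose subnet holds src; any other source arrives on WAN."""
    addr = ipaddress.ip_address(src)
    for name, net in NETS.items():
        if addr in net:
            return name
    return "WAN"

def matches(spec, addr):
    """True if addr falls inside the named interface subnet, or spec is any."""
    return spec == "*" or ipaddress.ip_address(addr) in NETS[spec]

def evaluate(src, dst, rules=RULES):
    """Return (ingress interface, 'pass' or 'block') for a new connection."""
    iface = ingress_interface(src)
    for rule_if, rule_src, rule_dst in rules:
        if rule_if == iface and matches(rule_src, src) and matches(rule_dst, dst):
            return iface, "pass"   # first matching rule wins
    return iface, "block"          # assumed default: no match means block

if __name__ == "__main__":
    flows = [  # constructed sample flows using addresses from the thread
        ("172.16.24.100", "172.16.21.10"),  # OPT1 server -> domain controller
        ("172.16.21.10", "172.16.24.100"),  # domain controller -> OPT1 server
        ("172.16.24.100", "203.0.113.10"),  # OPT1 server -> Internet (constructed)
        ("172.16.20.2", "172.16.21.10"),    # WAN-side gateway -> domain controller
    ]
    for src, dst in flows:
        print(src, "->", dst, evaluate(src, dst))
```

The same function can be pointed at a narrower rule list to see which of the lab's flows would stop passing before changing anything in the web GUI.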
 