Topic: GUI Access from different subnet
« on: October 25, 2013, 18:44:52 »
mongo *
Posts: 15

Hi,

Hope someone could point me in the right direction.

I have the following config

Thomson 585v7 (192.168.1.0/24) --> Switch --> m0n0wall

m0n0wall LAN (192.168.0.0/24)
m0n0wall WAN (IP:192.168.1.8 | Gateway: 192.168.1.1)

From a client connected to the m0n0wall subnet I can connect to any resource on subnet 192.168.1.0/24

From a client connected to the Thomson subnet I cannot connect to any resource of the subnet 192.168.0.0/24

I wish to be able to connect to the m0n0wall GUI from any client on the 192.168.1.0/24 subnet.

Hope someone can help.


Thanks
« Reply #1 on: October 25, 2013, 23:42:47 »
Lee Sharp *****
Posts: 517

You need to turn off NAT, and set up default routes in the router for the 192.168.1.x network.  Do you have access to that router?
« Reply #2 on: October 26, 2013, 10:34:45 »
mongo *
Posts: 15

Hi!

Thanks for your response.

Turn off NAT in the m0n0wall?

From what I have understood this is achieved by

NAT >
  Outbound >
   Enable advanced outbound NAT

But when I do this nothing on the m0n0wall side has access to any resource.

It's as if this rule is doing the exact OPPOSITE, i.e. it is totally locking down the m0n0wall.

Yes, I have access to the router.

Have used the CLI to issue the following command

ip rtadd dst 192.168.0.0 dstmsk 255.255.255.0 gateway 192.168.1.1 metric 0

Still the m0n0wall is locked down.

The only way I can get traffic moving is to uncheck 'Enable advanced outbound NAT'.

Will reset the m0n0wall to defaults and start by checking the 'Enable advanced outbound NAT' to see if it works as expected.

-- EDIT --

Reset to factory defaults -> enabled NAT rule

Still the same, totally locked down.

I must be doing something wrong.
« Last Edit: October 26, 2013, 10:56:14 by mongo »
« Reply #3 on: October 26, 2013, 14:19:39 »
Fred Grayson *****
Posts: 994

See: http://doc.m0n0.ch/handbook/faq-webGUI-from-WAN.html

Try to restrict the source IP address to only that or those needed.

--
Google is your friend and Bob's your uncle.
« Reply #4 on: October 27, 2013, 00:26:59 »
Lee Sharp *****
Posts: 517

You have three issues you have to correct.

1) NAT - It has to be turned off

2) Firewall - You have to have a default inbound rule, and a rule for the WAN IP.

3) Route - You have to have a path from the outside in...

Without all three of these being correct, nothing will work.
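
The three-point checklist in Reply #4, together with the source restriction advised in Reply #3, expressed as a small checker. This is an added example, not part of the original thread or of m0n0wall; the dictionary layout, the GUI port 443 and the admin host 192.168.1.50 are assumptions, and the sample data is constructed from the addresses in the first post.

```python
import ipaddress as ipa

def check_routed_access(cfg):
    """List what still breaks (or over-exposes) un-NATed access from the
    upstream subnet to the firewall, following the checklist in Reply #4."""
    problems = []
    upstream = ipa.ip_network(cfg["upstream_net"])
    lan = ipa.ip_network(cfg["fw_lan_net"])
    fw_wan = ipa.ip_address(cfg["fw_wan_ip"])
    # 1) NAT: while outbound NAT is on, LAN hosts are hidden behind the WAN IP.
    if cfg["outbound_nat"]:
        problems.append("nat: outbound NAT is still enabled")
    # 2) Firewall: a WAN pass rule for the GUI port, source no wider than needed.
    rules = [r for r in cfg["wan_pass_rules"] if r["dst_port"] == cfg["gui_port"]]
    if not rules:
        problems.append("firewall: no WAN pass rule for the GUI port")
    for r in rules:
        src = ipa.ip_network(r["src"])
        if not src.subnet_of(upstream):
            problems.append(f"firewall: source {src} is not limited to {upstream}")
    # 3) Route: the upstream router reaches the LAN net via the firewall WAN IP.
    routes = [r for r in cfg["upstream_routes"] if ipa.ip_network(r["dst"]) == lan]
    if not routes:
        problems.append(f"route: upstream router has no route to {lan}")
    for r in routes:
        gw = ipa.ip_address(r["gw"])
        if gw not in upstream:
            problems.append(f"route: gateway {gw} is not on {upstream}")
        elif gw != fw_wan:
            problems.append(f"route: gateway {gw} is not the firewall WAN IP")
    return problems

# Constructed sample data (assumed layout) using the first post's addresses.
BASE = {"upstream_net": "192.168.1.0/24", "fw_lan_net": "192.168.0.0/24",
        "fw_wan_ip": "192.168.1.8", "gui_port": 443}
BAD = dict(BASE, outbound_nat=True,
           wan_pass_rules=[{"src": "0.0.0.0/0", "dst_port": 443}],
           upstream_routes=[{"dst": "192.168.0.0/24", "gw": "192.168.1.1"}])
GOOD = dict(BASE, outbound_nat=False,
            wan_pass_rules=[{"src": "192.168.1.50/32", "dst_port": 443}],
            upstream_routes=[{"dst": "192.168.0.0/24", "gw": "192.168.1.8"}])

if __name__ == "__main__":
    for name, cfg in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, check_routed_access(cfg) or "ok")
```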
« Reply #5 on: October 30, 2013, 19:04:41 »
mongo *
Posts: 15

Hi Lee,

thanks for your continued assistance.

1/ NAT - It has to be turned off **Done**

2/ 'You have to have a default inbound rule'
Where should this be set | Firewall --> NAT --> Inbound OR Firewall --> Rules ??

'and a rule for the WAN IP'
Where should this be set ?

3/ Route - You have to have a path from the outside in
I had no problem setting up static routes using 2 different routers, in the routers I am creating a LAN IP address in the subnet of 192.168.20.0 for routing purposes.

Where do I setup this IP in m0n0wall ?

Do I set it here

Interfaces --> LAN --> Secondary IP's ??

And then set a static route for Dest:192.168.0.0/24 | Gateway:192.168.20.3 ?

Somehow, something that should be relatively simple has cost me endless hours.

If someone is able to point out to me where I am going wrong, that would be great!


Attachments: Static_Routes_1.gif, firewall-NAT---Outbound.gif, firewall-rules---LAN.gif, firewall-rules---WAN.gif
« Reply #6 on: November 07, 2013, 01:19:20 »
Lee Sharp *****
Posts: 517

Now you need a route on the ISP router telling the local subnet that 192.168.0.x is behind 192.168.1.94.  (Number from the picture that I can no longer see while replying.)
« Reply #7 on: November 07, 2013, 14:42:04 »
xhanik *
Posts: 14

Hi mongo,

Can you share more details?

I'm not sure where you got the IPs for the default GW from and why an additional subnet is needed.

Why isn't it possible to just have the following:

Router 1: Dest. 192.168.0.0/24 GW 192.168.1.94
So LAN Client on Router1 can access WAN on Router1 and WAN on m0n0 and also LAN on m0n0...

Way around:
LAN Client on m0n0 can access WAN on m0n0 and also LAN on Router1 and also WAN on Router1 if on m0n0 WAN Default GW is 192.168.1.1


So not sure where the problem is???

BR
xhanik
« Reply #8 on: November 07, 2013, 15:34:33 »
mongo *
Posts: 15

Hi xhanik,

I've moved this to a different thread just above this one that contains clearer information.

Thanks

:-)
 