Topic: Trying to get lan to multiple lans to work  (Read 2163 times)
« on: June 14, 2007, 05:51:01 »
heathen *
Posts: 3

I am running monowall on Soekris 4501. I have one central office with two routers - one leading to the WAN (adsl, works nicely, configured as LAN - WAN), then another one on the same network, this one leads to multiple branches. Each branch has a Soekris box as well running monowall. I tried to configure the remaining boxes as LAN - OPT1 routing (lan to lan, in other words), but it won't let me set default gateway (minimum number of bits in the netmask is 1, kinda bizarre). I tried LAN - WAN, but I couldn't get the routing to work no matter how hard I tried. I made pass any rule the first, and I allowed private networks to be forwarded. Are there good *working* examples of setting up static routing tables on monowall in multi-subnet environments? I thought 15 years in networking would be enough, but I must be going stupid somewhere.

Any pointers will be appreciated.
« Reply #1 on: June 14, 2007, 08:52:59 »
heathen *
Posts: 3

Here is the exact scenario:

On net 10.0.0.0/24 I have two routers:

#1. 10.0.0.1 WAN router
#2. 10.0.0.2 LAN router with WAN interface of 10.0.32.254 leading to remote branches. The router #2 has a static route on the WAN side pointing to 10.0.1.0/24 through 10.0.32.1.

At a remote branch01 I have 1 router (#3) with LAN interface of 10.0.1.1 and WAN interface of 10.0.32.1. The branch router has only a default gateway of 10.0.32.254.

From a workstation on the 10.0.0.0/24 network I can ping to 10.0.32.1, but not to 10.0.1.1 (or past it).

From a workstation on the branch network 10.0.1.0/24 I can ping to 10.0.32.254, but not to 10.0.0.2 or past it.

Workstations on both sides know which routers to use, so they have correct routing tables. As I mentioned earlier, I have pass any rules on both LAN and WAN interfaces on routers #2 and #3. I also allow private networks.

What am I missing here?
« Reply #2 on: June 14, 2007, 21:00:05 »
heathen *
Posts: 3

Anybody at all?

Alas, I may have to throw in the towel on this one. It looks like a nice thing to set up for simple topologies, but its lack of command line access is a serious problem for troubleshooting.
« Reply #3 on: June 16, 2007, 02:34:15 »
cmb *****
Posts: 851

exec.php suffices for command line, but it really wouldn't help you any in this situation.

You can only have one default route and it has to be on the WAN interface. So your WAN interface has to be facing your default gateway, whatever that is. 

You have a network diagram? Might make this a lot clearer to us.
« Reply #4 on: June 19, 2007, 15:40:25 »
markb ****
Posts: 331

Router #2 needs to have the WAN side pointing at your local LAN to get the default gateway pointing at router #1.
All routers need to have the "Bypass firewall rules for traffic on the same interface" option checked in the Advanced page in the config.
NAT config, outbound tab. "Enable advanced NAT" set on router #2 and #3 to remove automatic NAT.

Hope this helps.

Mark.