[ previous ] [ next ] [ threads ]
 
 From:  Matchstick <matchstick at oofg dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re[2]: [m0n0wall] Proxy ARP routing
 Date:  Tue, 16 Nov 2004 10:47:09 +0000 
Tuesday, November 16, 2004, 10:29:36 AM, Harald Neuffer (neuf at lrs dot eei dot uni dash erlangen dot de) wrote:

Actually M0n0wall DOES do filtered bridging which is exactly how I
use it.

Filtered bridging is off by default but the option to turn it on is
the second option on System/Advanced page.

Once it's turned on (and you've set up your bridge in the Interfaces
section) then you can apply incoming rules to the WAN interface
and outgoing rules to the Bridged interface exactly as you would when
running M0n0 was a NATed firewall.

-- 
Matchstick
matchstick at oofg dot com

HN> Hi,

HN> I would say, this is not possible with the monowall because it is not a
HN> filtering bridge like an other project called drawbridge
HN> (http://drawbridge.tamu.edu/). m0n0wall does routing where filtering is
HN> possible, but when you are using the bridge option to an interface no
HN> filtering rules are possible.

HN> Hope this helps,

HN> Harald 
>> several machines using proxy ARP, with the machines being on the same
>> subnet as the external network. I.e.:
>> 
>> External net      m0n0wall      internal machines
>> 10.0.0.x     <--> 10.0.0.3 <--> 10.0.0.1
>>                                 10.0.0.2
>>                                 10.0.0.4
>> 
>> Proxy ARP is answering for 10.0.0.{1,2,4}, but I can't figure out how
>> I'd set up the static routes necessary to do this.
>> 
>> I've seen documentation for Linux saying that to do this, you'd set up
>> both the internal and external interface with the same IP address. I
>> don't know if this applies to FreeBSD as well though.
>> 
>> Any suggestions?
>> 
>> --
>> Kevin R. Bullock
>> Internet Systems Designer and Administrator
>> Minnesota Center Against Violence and Abuse
>> University of Minnesota
>> 612.624.8796
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

HN> ---------------------------------------------------------------------
HN> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
HN> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch