 WAN > DMZ With Public IP's / HOWTO setup multiple LAN interfaces? / VLANs on an fxp0 ? / Stickers and FlashMemory Devices
 Mon, 17 Jan 2005
Hi All,

	I've had a flick through the FAQ and I've gleaned some info from
there, but let me describe what I'm trying to do.

	Our ADSL came with a /27 of public IP space (requested through RIPE
as we're a large office building and we'll be selling our ADSL onto the
other occupants).

	As a result, I wish to use m0n0wall as our office NAT proxy and also
to firewall our servers in the rack. These machines need to be on public IP
addressing for multiple reasons that I won't go into here.

	Therefore it seems like the right thing to do would be to set up the WAN
and DMZ to be bridged, so the WAN has a public IP and the DMZ can
communicate via this to our ADSL Router. I've told m0n0wall to bridge the
addresses and to filter the bridged interface which should be correct in
order to firewall the machines on the DMZ.

	Now in order to test this I'll put up a spare machine by merely
plugging the m0n0wall box into the public vlan and the machine I'll be
testing into the dmz port on the firewall. Will that interfere with the
current machines on the public VLAN, or will the m0n0wall only forward
packets that it receives that it knows about behind the DMZ? If the latter,
how do I tell it to do this, and if the former then how can I prevent that?

	Also, I've got a quad port NIC in the machine with one onboard
(fxp0 intel) which has been recognised fine btw (D-Link DFE-570TX, detects
as dc0-dc3 btw). How can I configure the optional Interfaces I'm not using
as additional LAN interfaces for other companies in the building?

	I was also playing with VLANs and either my switch was playing up or
there's something wrong with the fxp0 stuff. I set up the port correctly from
what I could tell with tagged VLANs 1,2,3 and then set up VLAN interfaces for
these on the fxp0 but I couldn't ping the m0n0wall after that!

	Finally, I plan on getting a batch of m0n0wall stickers made up, and
I've also found a supplier for 16Mb DiskOnChip devices which are about 3cm
high and plug directly into the IDE on a board, saving having a compact
flash, perhaps more importantly they could be set up with 2 of these in a
machine as there's plenty of space so if one failed, the firewall would
failover onto the second device. Perhaps this is some functionality that
could be looked into for detecting other m0n0wall installations/disks in a
machine and offering the ability to drop the config into it?
	What I'm trying to say is, is there any interest in some of
these? Pricing for the DiskOnChip is a bit variable, but probably will be
between 15 and 20 quid depending on how many people are interested? Got one
of these in my machine atm and it's very very nice, better than faffing
round with a compact flash and adaptor!

	Oh and one last thing I just thought of as I wrote that last
sentence, I don't see any option to download the config easily for future
reference, could a page be added to allow quick download and upload of a
config at all? It's something I see on my SonicWall Pro 2040 (Don't ask me
about that bugger, if I'd known about m0n0wall then I wouldn't have wasted
1.25k on the damn thing, mind you it does do a nice DMZ option similar to
what I'm trying to do with m0n0wall and other than needing the arp-cache
cleared on the router it was fairly well documented)

	Thanks in advance for any assistance you people can render, sorry to
ramble on a bit!

Kind Regards,

