 From:  "Alex Threlfall" <Alex at Cyberprog dot Net>
 To:  <seth at pachai dot net>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] WAN > DMZ With Public IP's / HOWTO setup multiple LAN interfaces? / VLANs on an fxp0 ? / Stickers and FlashMemory Devices
 Date:  Tue, 18 Jan 2005 00:35:37 -0000
> -----Original Message-----
> From: Seth Rothenberg [mailto:seth at pachai dot net] 
> Sent: 18 January 2005 12:29 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] WAN > DMZ With Public IP's / HOWTO 
> setup multiple LAN interfaces? / VLANs on an fxp0 ? / 
> Stickers and FlashMemory Devices
> Alex Threlfall said:
> > Hi All,
> > 	Our ADSL came with a /27 of public IP space (requested through RIPE
> > as we're a large office building and we'll be selling our ADSL onto
> > the other occupants).
> It sounds like you might need more IP addresses than that.
> I'm no expert, but /27 means that there are 5 bits left over.
> I think you need 2 bits per segment - which gets you one address.
> So, the other 3 bits will select *your* customer.
> That's just 8 customers.
> Of course, your ISP could set you up with other IP ranges 
> that are routed through your network.  But that's more complex.
> Unless you are selling non-routable access.
> In which case, ignore the above math.

Yup, non-routable access is what we were intending.

> > Therefore it seems like the right thing to do would be to set up the WAN
> > and DMZ to be bridged,
> I don't think you need to bridge the WAN and DMZ - you may 
> need to segment it, and route between them.
> However, someone else may be able to comment on bridging WAN and DMZ.

Were you assuming I was doing routing as above?

> > 	Now in order to test this I'll put up a spare machine by merely
> > plugging the m0n0wall box into the public vlan and the machine I'll be
> > testing into the dmz port on the firewall. Will that interfere with
> > the current machines on the public VLAN, or will the m0n0wall only
> > forward packets that it receives that it knows about behind the DMZ?
> You can't have m0n0wall on the same segment as your existing 
> machines using the same IP address.
> You could use one or more of the other IP's that you have 
> been assigned.

Hrm, think I understand that.

> > 	Also, I've got a quad port nic in the machine with one onboard (fxp0
> > intel) which has been recognised fine btw (D-Link DFE-570TX, detects
> > as dc0-dc3 btw). How can I configure the optional Interfaces I'm not
> > using as additional LAN interfaces for other companies in the building?
> To allow configuring more interfaces, look for the Assign 
> link on the menu on the left.  Allows you to assign/reassign 
> interfaces.

Yup, I found that, couldn't see a specific way to identify them as a LAN
subnet, would also be handy to be able to set up and assign DHCP pools based
on interfaces, is that possible?

> > I've also found a supplier for 16Mb DiskOnChip devices which are
> > about 3cm high and plug directly into the IDE on a board,
> That sounds good...you probably need to use the generic PC image

Yup, it works with the standard pc image.

> > 	Oh and one last thing I just thought of as I wrote that last 
> > sentence, I don't see any option to download the config
> This capability is there.

Strange, can't see it! I'll have a hunt tomorrow.

> Good luck.  Feel free to see the docs on 
> http://www.m0n0.ch/wall and to post additional questions.

Kind Regards,

  Alex Threlfall
Cyberprog New Media
tel - 0870 446 0789
fax - 0870 446 1789