|
||||||||
Kim C. Callis wrote: > No problem on the ASCII diagram... I have made some changes to the original.... > > > >>Lets get this straight (apologies for the bad ASCI): >> >> Internet Internet >> | | >> router | >> | | >> . -------------------' --------------------. >> (192.168.1.0/24) (172.16.8.0/16) m0n0 LAN >> | >> | >> ------------------------------- >> | | > > cameras (16) > wireless clients (20) > > > > The 192 subnet is for the hotel... I am running a cable from monowall > box down to a switch that is connected to the hotel network. My first > plan was to create another monowall box, with a WAN interface that > connected to the 192 interface and the LAN interface to be on the > 172.16.8 subnet with no DHCP running. That way it would be just > another client on the 172.16.8 subnet. > > Since I am able to connect the monowall box directly into the 192 > network, can't I just add a static route to the monowall box to > 192.168.1.0/24 allowing the clients on the hotel network to access the > monowall box, or do I need to have the IT add the static route to > their side to the 172.16.0 subnet. If that is the case, then I need to > create the second m0n0 box, and set it up to provide access to the > 172.16.8 subnet on the WAN side (and give it a static address), and on > the LAN interface plug that into the switch on the hotel. But now that > I think about it, since I am not routing on the hotel side, I still > have to get the hotel to provide a static route in order to get the > other clients on the hotel side to be able to get out to the 172.16 > side.... > I think that your best bet for security and ease (with both connected to the internet) is to use pptpd on the m0n0wall and let *authenticated* users on to the camera network. This would get around around the others firewall, etc. Jeb -- Jeb Campbell jebc at c4solutions dot net |