Re: [m0n0wall] How to use m0n0wall as a LAN router / Multiple subnets on LAN interface

From:	Chris Buechler <cbuechler at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] How to use m0n0wall as a LAN router / Multiple subnets on LAN interface
Date:	Fri, 4 Mar 2005 01:55:02 -0500

On Fri, 04 Mar 2005 01:00:47 +0100, Christian Rohmann
<Christian dot Rohmann at gmx dot de> wrote:
> Hello,
> 
> I would love to use more than one subnet on the lan interface.
> For the fun of it I'd love to use m0n0wall as a router and therefore I'd
> love to add another IP-Adress to m0n0wall's LAN interface.
> 
> How to do static routings with one interface without a 2nd ip-address
> anyways?
> 

The GUI isn't capable of that, AFAIK.  Not really proper network
design, you should use two NIC's or VLAN's rather than putting two
subnets on the same broadcast domain.

> I'd also love to use a 2nd subnet on the LAN interface for a lan-2-lan
> vpn tunnel. I don't want to use the default LAN subnet as that one
> doesn't need to be routed to the other side.
> 

It's not possible, and there wouldn't be any point in doing it anyway
since it would come into m0n0wall, be encrypted, be decrypted, and
passed out of m0n0wall in the same state it came in.  In that
situation, you're talking about host to host IPsec, which doesn't
involve m0n0wall at all.  I guess you could connect both subnets with
PPTP, but that's really not what it's designed to do.  If you need
encrypted communications between routed hosts, host to host IPsec is
the way to go.

-Chris