 From:  "Adam Lawson" <alawson at calhost dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Newbie Config Question - Initial M0n0wall Config - Need Assist ASAP
 Date:  Wed, 16 Mar 2005 08:42:20 -0800
Question:
My network is in a colocation data center. They assigned me 3 IPs on the
65.74.157.x subnet (2 for my firewall interfaces and 1 for my ext router
interface).

The setup looks like this:

((WWW))
^
LAYER3 DATA CENTER SWITCH
^
M0n0wall (installed on standard PC with 2 NICs using CD-ROM/floppy setup for
now)
^
_Cisco 3660 router (VLANs configured for each customer on the 65.74.150 and
65.74.151 subnets)
^
_Layer2 switch
^
_Client machines with static IPs (each on their own VLAN - 5 usable IPs on
the 65.74.150.x and 65.74.151.x subnets)

Now, the Quick Start documentation says:
"5.3. Static IP addresses
If you want to use a static IP address on your client machines, be sure to
configure them in the same subnet as your m0n0wall LAN interface, using the
appropriate DNS servers and the m0n0wall LAN IP address as the default
gateway."

Now obviously, that scenario is not possible. My client machines need their
own static IP. The network is fine as is (without the firewall in place).

MY PROBLEM:

Now, last night I tried to install the firewall and when I plugged the LAN
interface into a hub and a test machine into the same hub with the same
subnet, I can reach the webGUI from the client which makes sense. If I try
to access the m0n0wall (or the internet for that matter) from a machine
behind the router, requests time out.

Is there a special configuration required so my client traffic can pass
through the router, through the firewall and to the Internet? Maybe the
better question would be, HOW would I do that? I thought I was doing it
correctly. The firewall doesn't seem to want to pass anything through.

The router alone works fine. In conjunction with the firewall it doesn't.

Lastly, if I can't get this working on the testbed, I will be happy to pay
someone to assist since I need this working (barebones at the least) by this
afternoon so I can block TCP traffic in/out on ports 135-140.

I'm sort of new to configuring firewalls, so a QA session here would be
best, then a crash course when I have more time.

Thanks in advance,


--
Adam Lawson
Support Engineer; Sacramento / Lincoln