 From:  "Jeroen Visser" <monowall at forty dash two dot nl>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IP Aliases on WAN Interface + Routing Issue
 Date:  Wed, 16 Mar 2005 23:26:46 +0100
Hi all m0n0wall users,

The m0n0wall project is GREAT. Far beyond anything I've ever found. Closed or Open
source. The freedom of m0n0wall comes very close to scripting your own firewall box
in an ssh shell. ;-)
Nuff sucking up.

I've got 2 questions.

1: Is it possible to configure an alias on my WAN interface?
My WAN interface gets an IP from the ISP via DHCP. (Bridging ADSL modem). But I
want to be able to connect to my ADSL modem HTTP interface. The old situation was
that I configured my WAN interface (with shell and stuph) to have an additional IP
address. A private one.

Here's the idea.
ADSL modem uses IP 192.168.1.1 for the HTTP interface on the Ethernet side of my
modem. WAN port on my old firewall got a public address from the ISP and a
predefined alias with the address 192.168.1.2. That way I can connect from my
private network behind the LAN interface (range 10.0.30.0/24) to 192.168.1.1 with
a browser. So far I've not found this in m0n0wall. Maybe there's a config hack?


2: My ISP is kind enough to grant me several public IPs (Yes, I've asked and they
did not bother as long as I use no more than 4 of them). But these IPs are both
in a different subnet. My firewall and my server connect to a small switch and the
switch connects to the Ethernet of my modem. Now I want to add a host-based routing
from one IP to another withOUT supplying a gateway.

Something like this (Linux):
route add -host 81.45.33.123 dev eth0  (on host with IP 62.45.75.211)
route add -host 62.45.75.211 dev eth0  (on host with IP 81.45.33.123)

This way both firewall and server KNOW that they connect to the same switch and I
can transfer files from and to my private network with a 100 Mbit connection. If I
do not add these routes, all traffic will traverse over the ADSL gateways of my
provider, leaving a measly 1 Mbit.

These are my questions.
Needless to say, all IPs are not mine, but I made them up. But they DO reflect the
situation.

--
Kind regards,
Jeroen Visser.
--
No, I have not failed. I have only found 65 ways that do not work.