On Wed, 16 Mar 2005 08:42:20 -0800, Adam Lawson <alawson at calhost dot com> wrote:
> Now, the Quick Start documentation says:
> Now obviously, that scenario is not possible. My client machines need their
> own static IP. The network is fine as is (without the firewall in place).

Yeah I wrote that part of the Quick Start Guide with a focus towards a
typical LAN/WAN setup, which doesn't apply here.

This example that I wrote based on a colo setup I have is probably the
best way to do this. In this example, m0n0wall is completely
transparent. This is based on a real setup I run on 1.2b3 that pushes
a steady 1-3 Mb, up to 10+ Mb at times. 1.11 will work equally well,
but if you're working with a lot of rules, 1.2b3 is a lot easier to
work with and it has never ever crashed on me and it's pushing
200-300+ GB a month of internet traffic.

There is a bug in current m0n0wall versions (fixed in 1.2b5 or 6, I
believe, but I wouldn't use either of those in this situation) where
only the WAN subnet is allowed out the bridged interface due to a bug
in the antispoofing functionality. To get around this, put in a
superfluous static route on the bridged interface for 126.96.36.199/24
and 188.8.131.52/24 pointing to any IP. The route won't actually do
anything, but putting it in is the workaround for that bug.