On Wed, 16 Mar 2005 08:42:20 -0800, Adam Lawson <alawson at calhost dot com> wrote:
[snip]
>
> Now, the Quick Start documentation says:
[snip]
>
> Now obviously, that scenario is not possible. My client machines need their
> own static IP. The network is fine as is (without the firewall in place).
>

Yeah, I wrote that part of the Quick Start Guide with a focus towards a typical LAN/WAN setup, which doesn't apply here.

This example that I wrote based on a colo setup I have is probably the best way to do this. In this example, m0n0wall is completely transparent. This is based on a real setup I run on 1.2b3 that pushes a steady 1-3 Mb, up to 10+ Mb at times. 1.11 will work equally well, but if you're working with a lot of rules, 1.2b3 is a lot easier to work with and it has never ever crashed on me and it's pushing 200-300+ GB a month of internet traffic.

http://m0n0.ch/wall/docbook/examples-filtered-bridge.html

There is a bug in current m0n0wall versions (fixed in 1.2b5 or 6, I believe, but I wouldn't use either of those in this situation) where only the WAN subnet is allowed out the bridged interface due to a bug in the antispoofing functionality. To get around this, put in a superfluous static route on the bridged interface for 65.74.150.0/24 and 65.74.151.0/24 pointing to any IP. The route won't actually do anything, but putting it in is the workaround for that bug.

-Chris