[ previous ] [ next ] [ threads ]
 
 From:  =?UTF-8?Q?Peter_Parni=C4=8Dan?= <peter at procad dot sk>
 To:  "Don Munyak" <don dot munyak at gmail dot com>, <JSimoneau at lmtcs dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] static route
 Date:  Wed, 23 Mar 2005 16:27:10 +0100
Yes you are both right, its strange i know but i need it because im trying to have 4 subnets behind
m0n0.
First 1.1.1.0/24 working perfectly I can access m0n0 (webGui) without problem. But I want to use
more subnets ..10.0, ..100.0 etc. with one NIC (LAN).
I think it should be possible: because i found short description in advance setup ...look at Last
sentence (propably Manuel wrote it)::  
(Static route filtering:  This option only applies if you have defined one or more static routes. If
it is enabled, traffic that enters and leaves through the same interface will not be checked by the
firewall. This may be desirable in some situations where multiple subnets are connected to the same
interface.)

And reason why? ...i had talk with some admin guys (ISP) and they told me this is easyst way how to
do "isolation mode" ..but only for not very experienced users... in my case more than 90% of current
users at the network. Its because I want control traffic speed between users... some of them are
naughty and and are copying big files over wifi access point (copy just between users, not
downloading from internet). Therefore as soon as they will be in different subnets all traffic will
pass m0n0 not only wirelles access ponit.

example:
m0n0----wire----AP1 ::::::wirelless bridge:::::: AP2 :::::::::::: X wirelless users:: 

pet


----- Original Message ----- 
From: "Don Munyak" <don dot munyak at gmail dot com>
To: "Peter Parničan" <peter at procad dot sk>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, March 23, 2005 3:54 PM
Subject: Re: [m0n0wall] static route


If the PC is on the LAN "wire" then the LAN interface needs to be in
the network address 192.168.10.0 /24

I think what you are trying can't be done without assigning two IP
addresses to the LAN interface...1.1.1.1 and 192.168.10.1, and I don't
think m0n0wall can do that. I could be wrong though.

Is there some reason why you need the LAN interface setup as 1.1.1.1 ?

If your going to keep the pc address as 192.168.10.8/24 , I would
assign the m0n0wall LAN ip as 192.168.10.1/24

- Don


On Wed, 23 Mar 2005 15:01:45 +0100, Peter Parničan <peter at procad dot sk> wrote:
> Hi guys, i want ask if ill should be able to reach m0n0 (1.1.1.1) if my IP
> is 192.168.10.8 and m0n0 LAN is set to 1.1.1.0/24 network.
> I have add a static route 192.168.10.0/24, gateway 1.1.1.1 and Static route
> filtering: Bypass firewall rules for traffic on the same interface is
> anabled in ADVANCED setup.
> 
> If is it OK why can't access m0n0?
> 
> thx. Pet
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>