[ previous ] [ next ] [ threads ]
 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  Chris Bagnall <m0n0wall at minotaur dot cc>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ADSL users in the UK
 Date:  Wed, 30 Mar 2005 01:06:07 +0100

>I know this subject has been raised by me (and others) on the list in the
>past, so apologies if this is rehashing an earlier thread. I've finally been
>able to ditch BT for ADSL in favour of Zen Internet, which means I now have
>a /29 address range to play with. I'm fairly confident with setting up m0n0
>for this (proxy ARP and the like), but I think my ADSL modem (X-Modem CE) is
>only responding on the primary IP, not any of the others.
>Are any folks in the UK running multiple IPs with m0n0wall, and if so, what
>hardware are you using at the ADSL presentation end? Any helpful hints on
>configuration would also be much appreciated.
Yup.  I'm with Eclipse and also have a /29 (fairly recently).

>Ideally I'd like 3 IPs mapped 1:1 to Gentoo servers behind m0n0, one
>reserved for future 1:1 VoIP use, then using the final IP for all my
>workstations/clients running through NAT.
>As I said, I'm reasonably comfortable with this from a m0n0 config angle,
>the problem seems to be the ADSL modem in front of m0n0.
I'm using an Origo ASR-8400 ADSL Router, available from Ebuyer as a
SAMR-4114 although it's the same innards, just a different case.

I'm, running it in full bridge mode so that both WAN and LAN (as far as
the router is concerned are on the same address range.  The only way I
was able to manage that was by switching to PPPoE from PPPoA - I wasn't
expecting it to work but apparently BT enabled PPPoE on all the
exchanges last summer.  This is probably a quirk of the Origo but it
works anyway.

The router takes one IP address and the m0n0wall another.  I have OPT1
bridged with WAN and a SIP server sitting on OPT1 - I was having major
problems with SIP and NAT (and having to open up large ranges of UDP
ports into my LAN, which I wasn't too keen on) so went this way and now
don't have any problems.

Not bothered with 1:1 NAT or server NAT as I prefer it with the bridge -
it means that LAN clients can access the real IP address and it's less
work for the firewall to do.

If you need any assistance getting the above router to work (if you get
one) feel free to drop me a line off-list.

I'm running 1.11, BTW.



Neil A. Hillard                E-Mail:   neil at dana dot org dot uk
                               Web:      http://www.dana.org.uk/