On Mon, 2005-04-04 at 19:01, bob bobson wrote:
> Can I do this with monowalls?
>
> I am having problems doing static routes between the opt interfaces of the
> monowalls. Do I need to put the opts on their own little 192.168?

Your opt1 interfaces need to be on the same subnet, but for the example take 192.168.168.0/24 (left is 192.168.168.1 and right is 192.168.168.2)

> what
> routes would I need on what interfaces

The left box needs a route to 172.20.0.0/24 with a gateway of 192.168.168.2 - and maybe also your opt2 on the right box

The right box needs a route to 172.16.0.0/16 with a gateway of 192.168.168.1

> and am I missing some firewall rules?

You need to open the firewall to the traffic you need.

> I can never ping the other monowall's opt IP address.

Sounds like the opt1 interfaces are not correctly configured.

> Would it then be
> possible to restrict specific IPs
> from the 172.16.1 to the 172.20 network over these opt interfaces.

Sure. Just set up firewall rules to allow or stop the traffic as you wish - but start with a pass all, so you know the links and routes are ok ;-)

> Also would it be possible to add another opt interface on the second
> monowall just for a DMZ that I can restrict to only port 80 and 445 and only
> access them from the 172.20 and externally.

I don't see why not. Set up the appropriate firewall rules.

> IPSEC IPSEC
> VPN Client VPN Client
> | |
> | |
> adsl router adsl router
> | |
> pub ip pub ip
> | |
> mono mono
> opt1--opt1
> lan opt2--DMZ (pub ip's)
> | lan
> | |
> | |
> PC's PC's
> 172.16.1.0/16 172.20.0.0/24
>
> As ever Thanks in advance.

No problem. Hope I could help you

--
Henning Wangerin <mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk>
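The route pair from the reply above can be checked offline before touching firewall rules. The following is an added example, not part of the original message and not m0n0wall code: a small Python model of the two boxes that tests whether a ping has both a forward and a return route. The host addresses 172.16.1.10 and 172.20.0.10 and all function names are constructed for illustration, and the boxes' default (WAN) routes are not modelled.

```python
import ipaddress as ip

def make_box(opt1, connected, static):
    return {"opt1": ip.ip_address(opt1),
            "connected": [ip.ip_network(n) for n in connected],
            "static": {ip.ip_network(n): ip.ip_address(g) for n, g in static.items()}}

def next_hop(box, dst):
    """Longest-prefix match: 'local' if directly connected, a gateway IP, or None."""
    routes = [(n, "local") for n in box["connected"]] + list(box["static"].items())
    hits = [(n.prefixlen, hop) for n, hop in routes if ip.ip_address(dst) in n]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def owner_of(boxes, addr):
    """Name of the box whose opt1 interface holds addr, else None."""
    return next((n for n, b in boxes.items() if b["opt1"] == ip.ip_address(addr)), None)

def trace(boxes, start, dst, max_hops=4):
    """Boxes a packet crosses from `start` towards dst, or None if it is dropped."""
    path = [start]
    for _ in range(max_hops):
        hop = next_hop(boxes[path[-1]], dst)
        if hop is None:
            return None                      # no route (default/WAN route not modelled)
        nxt = owner_of(boxes, dst if hop == "local" else hop)
        if hop == "local":
            return path + [nxt] if nxt and nxt != path[-1] else path
        if nxt is None:
            return None                      # gateway is not one of the modelled boxes
        path.append(nxt)
    return None                              # routing loop

def ping_ok(boxes, src_box, src_ip, dst_ip):
    """A ping works only if the reply also has a route back to the sender."""
    fwd = trace(boxes, src_box, dst_ip)
    return fwd is not None and trace(boxes, fwd[-1], src_ip) is not None

def thread_topology(right_return_route=True):
    """Routes from the reply above; host addresses used below are constructed."""
    back = {"172.16.0.0/16": "192.168.168.1"} if right_return_route else {}
    return {"left": make_box("192.168.168.1", ["172.16.0.0/16", "192.168.168.0/24"],
                             {"172.20.0.0/24": "192.168.168.2"}),
            "right": make_box("192.168.168.2", ["172.20.0.0/24", "192.168.168.0/24"], back)}

if __name__ == "__main__":
    for label, boxes in (("both routes", thread_topology()), ("right route missing", thread_topology(False))):
        print(label, "LAN-to-LAN:", ping_ok(boxes, "left", "172.16.1.10", "172.20.0.10"),
              "to right opt1:", ping_ok(boxes, "left", "172.16.1.10", "192.168.168.2"))
```

In this model, a ping sourced from the left box's own opt1 address still succeeds when the right box lacks its static route, while a ping from a left LAN host does not, which separates an interface problem from a missing return route.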