Thanks Tim,
You rule ;-) I'm gonna start tinkering with my M0n0wall box now and try
to replicate your setup, incidentally would there be any reason why I
could not swap one OPT interface with LAN - I mean use public IP's on an
OPT interface and use a private IP range and NAT on the LAN, will
M0n0wall be happy with this also ?
Cheers,
James....
Tim Korves wrote:
> Hi James,
>
> full ACK
>
> Tim
>
> On 14.04.2005 at 21:36, James Mellor wrote:
>
>> Thanks Tim,
>>
>> This looks good to me, I can feel the cogs grinding in my Brain as
>> it tries to assimilate new information ;-) so to verify - would I
>> be correct when I say that from the info you gave all the machines
>> on your LAN are being assigned IP's from your DHCP server and are
>> communicating using public IP's through the WAN interface and onto
>> the internet.
>>
>> Also would I be correct in saying that your OPT1, OPT2, and PPTP
>> have a private IP range and so the rules you setup in the attached
>> picture allow M0n0wall to pass traffic from the OPT1, OPT2, and PPTP
>> interfaces to the WAN and LAN interfaces.
>>
>> Does this mean that any machine on a private IP address on either
>> OPT1, OPT2, or PPTP is NAT'd to the internet through WAN ?
>>
>>
>> Cheers,
>> James...
>>
>>
>> Tim Korves wrote:
>>
>>> Hi James,
>>>
>>> it's just easy:
>>>
>>> Enable advanced NAT and do it like on my picture:
>>>
>>>
>>>
>>> Ok, it might be confusing...
>>>
>>> Explanation:
>>>
>>> WAN: 194.77.75.96/27
>>> LAN: 194.77.75.96/27
>>> OPT1: 10.1.1.0/24
>>> OPT2: 10.1.2.0/24
>>> PPTP: 10.1.3.0/28
>>>
>>> So you have to define, that the connections in your LAN don't have
>>> to be masked by NAT.
>>>
>>> It's kind of easy...
>>>
>>> Tim
>>>
>>> On 14.04.2005 at 20:52, James Mellor wrote:
>>>
>>>> Hi Tim,
>>>>
>>>> I've setup my M0n0wall box so that the OPT and WAN interface has
>>>> the same IP address: 212.158.246.147 and the same subnet mask:
>>>> 255.255.255.240 or /28 and my Laptop can connect the internet
>>>> fine, the LAN interface has default NAT'd setup and I have not
>>>> created any rules ;-)
>>>>
>>>> Problem is when I turn on Advanced Outbound NAT my Laptop
>>>> connected to the LAN interface cannot browse anymore, if I turn
>>>> this off again then all is fine again ? I read somewhere in these
>>>> lists that I need to create a rule for the LAN interface but it
>>>> doesn't say anywhere what type of rule to setup, do you have any
>>>> ideas - by me turning on Advanced Outbound NAT am I turning off
>>>> NAT on the LAN interface as well as the OPT interface ?
>>>>
>>>>
>>>> Cheers,
>>>> James....
>>>>
>>>>
>>>> Tim Korves wrote:
>>>>
>>>>> Hi James,
>>>>>
>>>>> full ACK
>>>>>
>>>>> Tim
>>>>> On 13.04.2005 at 20:31, James Mellor wrote:
>>>>>
>>>>>> Hi Tim,
>>>>>>
>>>>>> You mean you setup m0n0wall to have the same public IP address
>>>>>> on the WAN as on the OPT and you had computers on the OPT
>>>>>> interface connecting to the internet with public IP's from the
>>>>>> same assignment.
>>>>>>
>>>>>>
>>>>>> Cheers, James...
>>>>>>
>>>>>> Tim Korves wrote:
>>>>>>
>>>>>>> Hi James,
>>>>>>>
>>>>>>> you're able to set the same IP to your OPT interface. My
>>>>>>> former provider assigned a /29 to me, where the internal and
>>>>>>> external interface had the same IP... You could do it in the
>>>>>>> same way as I've done it.
>>>>>>>
>>>>>>> Regards, Tim
>>>>>>>
>>>>>>> On 13.04.2005 at 19:15, James Mellor wrote:
>>>>>>>
>>>>>>>> Thanks Tim,
>>>>>>>>
>>>>>>>> I'll definitely try that out when I've sorted out my routing
>>>>>>>> issue.
>>>>>>>>
>>>>>>>> Problem I have is that the WAN interface has an IP assigned
>>>>>>>> from the same /28 range as I want to give to computers on
>>>>>>>> my network, I don't mind losing an interface, but I need to
>>>>>>>> use DHCP to assign IP's from my /28 range to computers on
>>>>>>>> my network then throttle their upstream and downstream
>>>>>>>> connection to the internet.
>>>>>>>>
>>>>>>>> I don't know what subnet to assign to each interface so that
>>>>>>>> out of my /28 range the WAN has one IP and the rest are
>>>>>>>> available to my machines on another interface without NAT or
>>>>>>>> bridging, you may have guessed I'm not too up on my IP
>>>>>>>> addressing and stuff ;-)
>>>>>>>>
>>>>>>>> Cheers, James....
>>>>>>>>
>>>>>>>>
>>>>>>>> Tim Korves wrote:
>>>>>>>>
>>>>>>>>> Hi James,
>>>>>>>>>
>>>>>>>>> you don't need to bridge... Why don't you use your m0n0wall
>>>>>>>>> as ADSL router? So I do and I also have a subnet assigned
>>>>>>>>> by my ISP (194.77.75.96/27). My WAN Interface got an
>>>>>>>>> address assigned by the PPP server of my ISP, my LAN
>>>>>>>>> Interface got the first IP of my subnet. The only thing I
>>>>>>>>> had to do was, to allow all traffic from WAN to LAN and LAN
>>>>>>>>> to WAN... Everything works fine, without bridging...
>>>>>>>>>
>>>>>>>>> Greets, Tim
>>>>>>>>>
>>>>>>>>> On 12.04.2005 at 23:05, James Mellor wrote:
>>>>>>>>>
>>>>>>>>>> For the life of me I can't seem to work out how to setup
>>>>>>>>>> M0n0wall to do NAT on LAN and route a public IP range to
>>>>>>>>>> the OPT interface, I have read all the mail archive stuff
>>>>>>>>>> and read the documentation. Here's the setup I am trying
>>>>>>>>>> to get working:
>>>>>>>>>>
>>>>>>>>>> Public static IP range from my service provider is
>>>>>>>>>> 212.158.246.144/28
>>>>>>>>>>
>>>>>>>>>> WAN <---- IP address: 212.158.246.146 with Gateway
>>>>>>>>>> address: 212.158.246.145
>>>>>>>>>>
>>>>>>>>>> LAN <---- IP address: 192.168.0.1/24 private addresses setup
>>>>>>>>>> to do NAT and DHCP server enabled
>>>>>>>>>>
>>>>>>>>>> OPT <---- IP address: 212.158.246.147-158 useable
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> My ISP has given me a IP range 212.158.246.144/28, the first
>>>>>>>>>> IP 212.158.246.145 is taken by my ADSL router, the second
>>>>>>>>>> IP 212.158.246.146 I want assigned to the WAN and the rest
>>>>>>>>>> I would like to assign to machines on the OPT interface.
>>>>>>>>>>
>>>>>>>>>> I know I could bridge the OPT and WAN interfaces however I
>>>>>>>>>> have read that although I can enable filtering bridge and
>>>>>>>>>> throttle inbound traffic I am unable to throttle outbound
>>>>>>>>>> traffic for a specific IP address, another issue is that I
>>>>>>>>>> would like the DHCP service to assign public IP's to
>>>>>>>>>> machines on the OPT interface, from my understanding this
>>>>>>>>>> would not be possible with OPT bridged with the WAN
>>>>>>>>>> interface.
>>>>>>>>>>
>>>>>>>>>> So with all that said I'm more than a little confused, I'm
>>>>>>>>>> borderline lobotomising myself trying to work out how to
>>>>>>>>>> get M0n0wall to do this for me.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Cheers,
>>>>>>>>>> James Mellor.
>>>>>>>>>>
>>>>>>>>>> P.S. The most important thing for me is to use the DHCP
>>>>>>>>>> server to assign public IP addresses to machines on my
>>>>>>>>>> network and then throttle these machines upstream and
>>>>>>>>>> downstream access to the internet.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ---------------------------------------------------------------
>>>>>>>>>> -- -- --
>>>>>>>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>>>>>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>>>>>>>>
>> <nat.tiff>
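Added example (not part of the original thread): a small Python model of the manual outbound NAT decision discussed above, using the interface networks quoted by Tim and James. It assumes that with Advanced Outbound NAT enabled only the listed source networks are translated, so an empty rule list translates nothing; the function names are hypothetical and the host addresses are constructed.

```python
import ipaddress

# Interface networks as quoted in the thread.
TIM = {"LAN": "194.77.75.96/27", "OPT1": "10.1.1.0/24",
       "OPT2": "10.1.2.0/24", "PPTP": "10.1.3.0/28"}
JAMES = {"LAN": "192.168.0.1/24", "OPT": "212.158.246.147/28"}

def _net(cidr):
    # strict=False accepts a host address with a prefix (192.168.0.1/24)
    return ipaddress.ip_network(cidr, strict=False)

def needed_nat_sources(interfaces):
    """Private (RFC 1918) interface networks: these need a manual outbound
    NAT rule. Public networks are routed unchanged."""
    return sorted(str(_net(c)) for c in interfaces.values()
                  if _net(c).is_private)

def egress_source(src_ip, nat_sources, wan_ip):
    """Source address a packet carries on WAN under manual outbound NAT
    (assumed model: translate only if a listed source network matches)."""
    ip = ipaddress.ip_address(src_ip)
    if any(ip in _net(s) for s in nat_sources):
        return wan_ip      # matched a rule: rewritten to the WAN address
    return src_ip          # no rule: leaves untranslated

def uncovered(interfaces, nat_sources):
    """Interfaces whose private range has no covering NAT rule; hosts
    there would reach WAN with unroutable source addresses."""
    rules = [_net(s) for s in nat_sources]
    return sorted(name for name, c in interfaces.items()
                  if _net(c).is_private
                  and not any(_net(c).subnet_of(r) for r in rules))

if __name__ == "__main__":
    print("Tim's NAT sources:", needed_nat_sources(TIM))
    print("James, no rules yet:", uncovered(JAMES, []))
    print("James, with LAN rule:", uncovered(JAMES, needed_nat_sources(JAMES)))
    # Constructed LAN host 192.168.0.50, WAN address taken from the thread.
    print(egress_source("192.168.0.50", [], "212.158.246.147"))
```

With an empty rule list the constructed LAN host keeps its 192.168.0.x source address on the WAN side, which matches the symptom James describes after switching the option on.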