Re: [m0n0wall] Public IP's on OPT issue, my Brain hurts

From:	James Mellor <james at jamesx dot com>
To:	Tim Korves <tkml at cluster dash worxx dot net>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Public IP's on OPT issue, my Brain hurts - please help ;-)
Date:	Thu, 14 Apr 2005 20:40:19 +0100
> Thanks Tim,
>
> This looks good to me, I can feel the cogs grinding in my Brain as it 
> tries to assimilate new information ;-) so to verify - would I be 
> correct when I say that from the info you gave all the machines on 
> your LAN are being assigned IP's from your DHCP server and are 
> communicating using public IP's through the WAN interface and onto the 
> internet.
>
> Also would I be correect in saying that your OPT1, OPT2, and PPTP have 
> a private IP range and so the rules you setup in the attached picture 
> allow M0n0wall to pass traffic from the OPT1, OP2, and PPTP interfaces 
> to the WAN and LAN interfaces.
>
> Does this mean that any machine on a pivate IP address on either OPT1, 
> OPT2, or PPTP is NAT'd to the internet through WAN ?
>
>
> Cheers,
>          James...
>
>
> Tim Korves wrote:
>
>> Hi James,
>>
>> it's just easy:
>>
>> Enable advanced NAT and do it like on my picture:
>>
>>
>>
>> Ok, it might be confusing...
>>
>> Explaination:
>>
>> WAN: 194.77.75.96/27
>> LAN: 194.77.75.96/27
>> OPT1: 10.1.1.0/24
>> OPT2: 10.1.2.0/24
>> PPTP: 10.1.3.0/28
>>
>> So you have to define, that the connections in your LAN don't have 
>> to  be masked by NAT.
>>
>> It's kind easy...
>>
>> Tim
>>
>> Am 14.04.2005 um 20:52 schrieb James Mellor:
>>
>>> Hi Tim,
>>>
>>> I've setup my M0n0wall box so that the OPT and WAN interface has 
>>> the  same IP address: 212.158.246.147 and the same subnet mask:  
>>> 255.255.255.240 or /28 and my Laptop can connect the internet fine,  
>>> the LAN interface has default NAT'd setup and I have not created 
>>> any  rules ;-)
>>>
>>> Problem is when I turn on Advanced Outbound NAT my Laptop connected 
>>> to  the LAN interface cannot browse anymore, if I turn this off 
>>> again then  all is fine again ? I read somewhere in these lists that 
>>> I need to  create a rule for the LAN interface but it doesn't say 
>>> anywhere what  type of rule to setup, do you have any ideas - by me 
>>> turning on  Advanced Outbound NAT am I turning off NAT on the LAN 
>>> interface as  well as the OPT interface ?
>>>
>>>
>>> Cheers,
>>>              James....
>>>
>>>
>>> Tim Korves wrote:
>>>
>>>> Hi James,
>>>>
>>>> full ACK
>>>>
>>>> Tim
>>>> Am 13.04.2005 um 20:31 schrieb James Mellor:
>>>>
>>>>> Hi Tim,
>>>>>
>>>>> You mean you setup m0n0wall to have the same public IP address on  
>>>>> the  WAN as on the OPT and you had computers on the OPT 
>>>>> interface   connecting to the internet with public IP's from the 
>>>>> same  assignment.
>>>>>
>>>>>
>>>>> Cheers, James...
>>>>>
>>>>> Tim Korves wrote:
>>>>>
>>>>>> Hi James,
>>>>>>
>>>>>> you're able to set the same IP to your OPT interface. My former   
>>>>>> provider assigned a /29 to me, where the internal and external   
>>>>>> interface had the same IP... You could do it in the same way as  
>>>>>> I've  done it.
>>>>>>
>>>>>> Regards, Tim
>>>>>>
>>>>>> Am 13.04.2005 um 19:15 schrieb James Mellor:
>>>>>>
>>>>>>> Thanks Tim,
>>>>>>>
>>>>>>> I'll definately try that out when I've sorted out my routing issue.
>>>>>>>
>>>>>>> Problem I have is that the WAN interface has an IP assigned 
>>>>>>> from  the  same /28 range as I want to give to computers on my 
>>>>>>> network,  I don't  mind losing an interface, but I need to use 
>>>>>>> DHCP to  assign IP's from  my /28 range to computers on my 
>>>>>>> network then  throttle their upstream  and downstream connection 
>>>>>>> to the  internet.
>>>>>>>
>>>>>>> I don'w know what subnet to assign to each interface so that 
>>>>>>> out  of  my /28 range the WAN has one IP and the rest are 
>>>>>>> available to  my  machines on another interface without NAT or 
>>>>>>> bridging, you may  have  quessed I'm not too up on my IP 
>>>>>>> addressing and stuff ;-)
>>>>>>>
>>>>>>> Cheers, James....
>>>>>>>
>>>>>>>
>>>>>>> Tim Korves wrote:
>>>>>>>
>>>>>>>> Hi James,
>>>>>>>>
>>>>>>>> you don't need to bridge... Why don't you use your m0n0wall as  
>>>>>>>> ADSL  router? So I do and I also have a subnet assigned by my 
>>>>>>>> ISP   (194.77.75.96/27). My WAN Interface got an address 
>>>>>>>> assigned by  the  PPP server of my ISP, my LAN Interface got 
>>>>>>>> the first IP of  my  subnet. The only thing I had to do was, to 
>>>>>>>> allow all traffic  from  WAN to LAN and LAN to WAN... 
>>>>>>>> Everything works fine, without   bridging...
>>>>>>>>
>>>>>>>> Greets, Tim
>>>>>>>>
>>>>>>>> Am 12.04.2005 um 23:05 schrieb James Mellor:
>>>>>>>>
>>>>>>>>> For the life of me I can't seem to work out how to setup  
>>>>>>>>> M0n0wall  to do NAT on LAN and route a public IP range to the  
>>>>>>>>> OPT interface,  I have read all the mail archive stuff and 
>>>>>>>>> read  the documentation.  Here's the setup I am trying to get 
>>>>>>>>> working:
>>>>>>>>>
>>>>>>>>> Public static IP range from my service provider is   
>>>>>>>>> 212.158.246.144/28
>>>>>>>>>
>>>>>>>>> WAN <---- IP address: 212.158.246.146 with Gateway address:   
>>>>>>>>> 212.158.246.145
>>>>>>>>>
>>>>>>>>> LAN <---- IP address: 192.168.0.1/24 private addresses setup 
>>>>>>>>> to  do  NAT and DHCP server enabled
>>>>>>>>>
>>>>>>>>> OPT <---- IP address: 212.158.246.147-158 useable
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> My ISP has given me a IP range 212.158.246.144/28, the first 
>>>>>>>>> IP   212.158.246.145 is taken by my ADSL router, the second 
>>>>>>>>> IP   212.158.246.146 I want assigned to the WAN and the rest I 
>>>>>>>>> would   like to assign to machines on the OPT interface.
>>>>>>>>>
>>>>>>>>> I know I could bridge the OPT and WAN interfaces however I 
>>>>>>>>> have   read that although I can enable filtering bridge and 
>>>>>>>>> throttle   inbound traffic I am unable to throttle outbound 
>>>>>>>>> traffic for a   specific IP address, another issue is that I 
>>>>>>>>> would like the DHCP   service to assign public IP's to 
>>>>>>>>> machines on the OPT interface,   from my understanding this 
>>>>>>>>> would not be possible with OPT  bridged  with the WAN interface.
>>>>>>>>>
>>>>>>>>> So with all that said I'm more than a little confused, I'm   
>>>>>>>>> borderline labotomising myself trying to work out how to get   
>>>>>>>>> M0n0wall to do this for me.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>>             James Mellor.
>>>>>>>>>
>>>>>>>>> P.S. The most important thing for me is to use the DHCP 
>>>>>>>>> server  to  assign public IP addresses to machines on my 
>>>>>>>>> network and  then  throttle these machines upstream and 
>>>>>>>>> downstream access to  the  internet.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ----------------------------------------------------------------- 
>>>>>>>>> -- --
>>>>>>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>>>>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>>>
>>>>
>>>>
>>>
>