 From:  Tim Korves <tkml at cluster dash worxx dot net>
 To:  James Mellor <james at jamesx dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Public IP's on OPT issue, my Brain hurts - please help ;-)
 Date:  Thu, 14 Apr 2005 21:41:44 +0200
Hi James,

full ACK

Tim

On 14.04.2005 at 21:36, James Mellor wrote:

> Thanks Tim,
>
> This looks good to me, I can feel the cogs grinding in my Brain as it  
> tries to assimilate new information ;-) so to verify - would I be  
> correct when I say that from the info you gave all the machines on  
> your LAN are being assigned IP's from your DHCP server and are  
> communicating using public IP's through the WAN interface and onto the  
> internet.
>
> Also would I be correct in saying that your OPT1, OPT2, and PPTP have
> a private IP range and so the rules you setup in the attached picture
> allow M0n0wall to pass traffic from the OPT1, OPT2, and PPTP interfaces
> to the WAN and LAN interfaces.
>
> Does this mean that any machine on a private IP address on either OPT1,
> OPT2, or PPTP is NAT'd to the internet through WAN ?
>
>
> Cheers,
>          James...
>
>
> Tim Korves wrote:
>
>> Hi James,
>>
>> it's just easy:
>>
>> Enable advanced NAT and do it like on my picture:
>>
>>
>>
>> Ok, it might be confusing...
>>
>> Explanation:
>>
>> WAN: 194.77.75.96/27
>> LAN: 194.77.75.96/27
>> OPT1: 10.1.1.0/24
>> OPT2: 10.1.2.0/24
>> PPTP: 10.1.3.0/28
>>
>> So you have to define, that the connections in your LAN don't have to  
>>  be masked by NAT.
>>
>> It's kind of easy...
>>
>> Tim
>>
>> On 14.04.2005 at 20:52, James Mellor wrote:
>>
>>> Hi Tim,
>>>
>>> I've setup my M0n0wall box so that the OPT and WAN interface has the  
>>>  same IP address: 212.158.246.147 and the same subnet mask:   
>>> 255.255.255.240 or /28 and my Laptop can connect the internet fine,   
>>> the LAN interface has default NAT'd setup and I have not created any  
>>>  rules ;-)
>>>
>>> Problem is when I turn on Advanced Outbound NAT my Laptop connected  
>>> to  the LAN interface cannot browse anymore, if I turn this off  
>>> again then  all is fine again ? I read somewhere in these lists that  
>>> I need to  create a rule for the LAN interface but it doesn't say  
>>> anywhere what  type of rule to setup, do you have any ideas - by me  
>>> turning on  Advanced Outbound NAT am I turning off NAT on the LAN  
>>> interface as  well as the OPT interface ?
>>>
>>>
>>> Cheers,
>>>              James....
>>>
>>>
>>> Tim Korves wrote:
>>>
>>>> Hi James,
>>>>
>>>> full ACK
>>>>
>>>> Tim
>>>> On 13.04.2005 at 20:31, James Mellor wrote:
>>>>
>>>>> Hi Tim,
>>>>>
>>>>> You mean you setup m0n0wall to have the same public IP address on   
>>>>> the  WAN as on the OPT and you had computers on the OPT interface   
>>>>>  connecting to the internet with public IP's from the same   
>>>>> assignment.
>>>>>
>>>>>
>>>>> Cheers, James...
>>>>>
>>>>> Tim Korves wrote:
>>>>>
>>>>>> Hi James,
>>>>>>
>>>>>> you're able to set the same IP to your OPT interface. My former    
>>>>>> provider assigned a /29 to me, where the internal and external    
>>>>>> interface had the same IP... You could do it in the same way as   
>>>>>> I've  done it.
>>>>>>
>>>>>> Regards, Tim
>>>>>>
>>>>>> On 13.04.2005 at 19:15, James Mellor wrote:
>>>>>>
>>>>>>> Thanks Tim,
>>>>>>>
>>>>>>> I'll definitely try that out when I've sorted out my routing
>>>>>>> issue.
>>>>>>>
>>>>>>> Problem I have is that the WAN interface has an IP assigned from  
>>>>>>>  the  same /28 range as I want to give to computers on my  
>>>>>>> network,  I don't  mind losing an interface, but I need to use  
>>>>>>> DHCP to  assign IP's from  my /28 range to computers on my  
>>>>>>> network then  throttle their upstream  and downstream connection  
>>>>>>> to the  internet.
>>>>>>>
>>>>>>> I don't know what subnet to assign to each interface so that out
>>>>>>> of my /28 range the WAN has one IP and the rest are available
>>>>>>> to my machines on another interface without NAT or bridging,
>>>>>>> you may have guessed I'm not too up on my IP addressing and
>>>>>>> stuff ;-)
>>>>>>>
>>>>>>> Cheers, James....
>>>>>>>
>>>>>>>
>>>>>>> Tim Korves wrote:
>>>>>>>
>>>>>>>> Hi James,
>>>>>>>>
>>>>>>>> you don't need to bridge... Why don't you use your m0n0wall as   
>>>>>>>> ADSL  router? So I do and I also have a subnet assigned by my  
>>>>>>>> ISP   (194.77.75.96/27). My WAN Interface got an address  
>>>>>>>> assigned by  the  PPP server of my ISP, my LAN Interface got  
>>>>>>>> the first IP of  my  subnet. The only thing I had to do was, to  
>>>>>>>> allow all traffic  from  WAN to LAN and LAN to WAN...  
>>>>>>>> Everything works fine, without   bridging...
>>>>>>>>
>>>>>>>> Greets, Tim
>>>>>>>>
>>>>>>>> On 12.04.2005 at 23:05, James Mellor wrote:
>>>>>>>>
>>>>>>>>> For the life of me I can't seem to work out how to setup   
>>>>>>>>> M0n0wall  to do NAT on LAN and route a public IP range to the   
>>>>>>>>> OPT interface,  I have read all the mail archive stuff and  
>>>>>>>>> read  the documentation.  Here's the setup I am trying to get  
>>>>>>>>> working:
>>>>>>>>>
>>>>>>>>> Public static IP range from my service provider is    
>>>>>>>>> 212.158.246.144/28
>>>>>>>>>
>>>>>>>>> WAN <---- IP address: 212.158.246.146 with Gateway address:    
>>>>>>>>> 212.158.246.145
>>>>>>>>>
>>>>>>>>> LAN <---- IP address: 192.168.0.1/24 private addresses setup  
>>>>>>>>> to  do  NAT and DHCP server enabled
>>>>>>>>>
>>>>>>>>> OPT <---- IP address: 212.158.246.147-158 useable
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> My ISP has given me a IP range 212.158.246.144/28, the first  
>>>>>>>>> IP   212.158.246.145 is taken by my ADSL router, the second IP  
>>>>>>>>>   212.158.246.146 I want assigned to the WAN and the rest I  
>>>>>>>>> would   like to assign to machines on the OPT interface.
>>>>>>>>>
>>>>>>>>> I know I could bridge the OPT and WAN interfaces however I  
>>>>>>>>> have   read that although I can enable filtering bridge and  
>>>>>>>>> throttle   inbound traffic I am unable to throttle outbound  
>>>>>>>>> traffic for a   specific IP address, another issue is that I  
>>>>>>>>> would like the DHCP   service to assign public IP's to  
>>>>>>>>> machines on the OPT interface,   from my understanding this  
>>>>>>>>> would not be possible with OPT  bridged  with the WAN  
>>>>>>>>> interface.
>>>>>>>>>
>>>>>>>>> So with all that said I'm more than a little confused, I'm    
>>>>>>>>> borderline lobotomising myself trying to work out how to get
>>>>>>>>> M0n0wall to do this for me.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>>             James Mellor.
>>>>>>>>>
>>>>>>>>> P.S. The most important thing for me is to use the DHCP server  
>>>>>>>>>  to  assign public IP addresses to machines on my network and   
>>>>>>>>> then  throttle these machines upstream and downstream access  
>>>>>>>>> to  the  internet.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --------------------------------------------------------------- 
>>>>>>>>> -- -- --
>>>>>>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>>>>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
> <nat.tiff>
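
Added example, not part of the original thread and not m0n0wall code: a small Python model of the addressing discussed above, showing which source subnets need an explicit outbound NAT mapping once Advanced Outbound NAT is enabled. It assumes that in advanced mode only explicitly listed source subnets are translated; the function names and the laptop address 192.168.0.10 are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: sources inside these are not routable on the internet
# and therefore need an outbound NAT mapping on WAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def needs_nat(subnet):
    """True if the whole subnet lies inside a private (RFC 1918) range."""
    net = ipaddress.ip_network(subnet)
    return any(net.subnet_of(private) for private in RFC1918)


def plan_rules(interfaces):
    """Source subnets that need an explicit outbound NAT mapping on WAN."""
    wanted = [s for name, s in interfaces.items()
              if name != "WAN" and needs_nat(s)]
    return sorted(wanted, key=ipaddress.ip_network)


def is_translated(src_ip, rules):
    """Advanced mode (assumption): only explicit mappings apply, nothing automatic."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(r) for r in rules)


# Subnets as given in the thread.
TIM = {"WAN": "194.77.75.96/27", "LAN": "194.77.75.96/27",
       "OPT1": "10.1.1.0/24", "OPT2": "10.1.2.0/24", "PPTP": "10.1.3.0/28"}
JAMES = {"WAN": "212.158.246.144/28", "LAN": "192.168.0.0/24",
         "OPT": "212.158.246.144/28"}

if __name__ == "__main__":
    for label, setup in (("Tim", TIM), ("James", JAMES)):
        print(label, "needs mappings for:", plan_rules(setup))
    # Advanced Outbound NAT switched on with an empty rule list:
    # the private LAN laptop is no longer translated.
    print("laptop translated, no rules:", is_translated("192.168.0.10", []))
    print("laptop translated, LAN rule:",
          is_translated("192.168.0.10", plan_rules(JAMES)))
```

Hosts on the public subnet are routed without translation, so only the firewall rules stand between them and inbound traffic from the internet.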