[ previous ] [ next ] [ threads ]
 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Tonni Aagesen <agent29 at stofanet dot dk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Basic setup?
 Date:  Tue, 9 Dec 2003 13:12:28 +0100 
On 09.12.2003, at 12:56, Tonni Aagesen wrote:

> My aim with the box is to share a internet connection between some 
> clients on the lan, NAT a few ports to some servers, and else block 
> unwanted trafic. My setup looks like this:

Nothing is easier than that. Start with the factory default 
configuration. By default, the LAN interface is sis0 (Net0 on the 
net4801) and WAN is sis1 (Net1), so you don't even have to change the 
port configuration.

- Use the console menu to assign the IP address 10.0.0.1/24 to the LAN 
interface.

- Enable the DHCP server on LAN, too.

- Set up all your clients to use DHCP.

- Access the webGUI from a client (http://10.0.0.1 in this case).

- Configure the WAN interface with the appropriate settings if you're 
not using DHCP on WAN.

- Add a few NAT rules (along with auto-added filter rules) to 
selectively permit inbound traffic to some ports on your servers.

Voilà, you're done. By default all outgoing traffic is permitted while 
all incoming traffic is denied.

If you don't want to use DHCP on LAN, then that's fine, too - just make 
sure your clients use m0n0wall as their default gateway and have some 
DNS servers assigned, too.

> 1) Is the "Brigde" mode nessecary to get clients on LAN on the 
> internet?

Definitely not. Bridge is only necessary in special scenarios, and I 
recommend staying away from it if at all possible, because it makes 
things less than straightforward.

HTH,

Manuel