 
 From:  Jason Boles <threepercentmilk at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  using real IPs on LAN - 1:1 NAT, bridge, other ?
 Date:  Wed, 1 Jun 2005 21:49:12 -0400
Hi all,
  I'm running m0n0wall on a 3 NIC WRAP board.  I'd like to use the
firewall in a non-NAT fashion, where each machine behind the firewall
has a real IP address.  We have a SonicWall in place now that does the
job, but it is out of its support contract, a few years old and
getting too slow.  It has what is called "Intranet" mode, where you
specify the "real" IPs that are on the LAN port, and it assumes
everything else is on the WAN.  All of the real IPs are in the same
subnet, but none are contiguous.  Each machine is configured with its
own real IP, with a default gateway that is on the WAN
(xxx.xxx.xxx.1).  The SonicWall has 1 real IP as well.  It seems as
though it is doing a filtered bridge, but I have no access to the
underlying implementation.

  I'm looking for a way to get the same functionality using m0n0wall.
Should I use the WAN->OPT1 bridge function?  I would like to have a
DMZ as well, and from searching the list, it seems that the WAN/LAN
cannot be bridged.  Can the WAN and LAN be assigned the same IP
address?

I would need to be able to access anything in the DMZ from the LAN
side as well, and I read there was a bug with netfilter that wouldn't
allow NATed traffic to reach a bridged-DMZ.
What's the advantage of a filtered bridge on the DMZ vs. DMZ 1:1 NAT?
Bridges should have higher performance than a router, but in the case
of a firewall, is that true?


Thanks ahead of time,
-Jason