[ previous ] [ next ] [ threads ]
 
 From:  Niklas Petersen <niklas at vestermarken dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Running m0n0wall behind existing router
 Date:  Thu, 02 Jun 2005 10:56:47 +0200 
Hi everyone

I have tried looking through the archives, but couldn´t find an answer 
to my problem:

I want to use m0n0wall as traffic shaper for the network in my 
appartment building. We are currently using a Cisco router, and for the 
time being I would like to keep this router running NAT and taking care 
of DHCP. The Cisco has the WAN IP from our ISP. The LAN currently uses 
10.1.0.0 255.255.0.0

I would like to set it up as follows:


         ISP DHCP
            |
Cisco Ethernet1/1     WAN 80.x.x.x
Cisco FastEthernet0/0 LAN 10.1.0.1
            |
     m0n0wall WAN ?.?.?.?
     m0n0wall LAN ?.?.?.?
            |
        PC clients ?.?.?.?


Sofar I have been semi-succesful getting this to work. I used 10.1.0.7 
as WAN and 10.1.0.6 as LAN on m0n0wall. Turned off NAT and disabled DHCP 
in m0n0. I set up a client machine with IP 10.1.0.9 and 10.1.0.6 as gateway

This way I was able to get an ICMP packet through to the internet. I was 
however not able to browse any webpages. I took a look at the routing on 
the Cisco. It currently has one route:

ip route 10.1.0.0 255.255.0.0 FastEthernet0/0

I am not too much of a network wiz, but I´m guessing the packet with the 
actual webpage data, is being sent back to the wrong place instead of 
m0n0wall where it was supposed to? That was my idea anyway, so I added:

ip route 10.1.0.9 255.255.255.255 10.1.0.7

which made me able to browse webpages on the client PC.

This leads me to believe that this setup *could* actually work - but I 
simply don't know how to make a similiar routing for all the client 
machines on the LAN (10.1.0.0 255.255.0.0).

I tried adding these two routes instead of the existing:

ip route 10.1.0.7 255.255.255.255 FastEthernet0/0
ip route 10.1.0.0 255.255.0.0 10.1.0.7

No luck.

Now my question is: Would this IP setup work at all, and if so can 
anyone tell me what kind of routes I need to add, or anything else I 
need to do, in order to make it work?

If this is not the way of doing it, could someone tell me how I can set 
this up?

Any help is greatly appreciated.

Kind regards,
Niklas Petersen




-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.322 / Virus Database: 267.4.1 - Release Date: 02-06-2005