On 6/1/05, Jason Boles <threepercentmilk at gmail dot com> wrote:
> Hi all,
> I'm running m0n0wall on a 3 NIC wrap board. I'd like to use the
> firewall in a non-NAT fashion, where each machine behind the firewall
> has a real IP address. We have a sonicwall in place now that does the
> job, but is out of its support contract and a few years old and
> getting too slow. It has what is called "Intranet" mode, where you
> specify the "real" IPs that are on the LAN port, and it assumes
> everything else is on the WAN. All of the real IPs are in the same
> subnet, but none are contiguous. Each machine is configured with its
> own real ip, with a default gateway that is on the WAN
> (xxx.xxx.xxx.1). The sonicwall has 1 real IP as well. It seems as
> though it is doing a filtered bridge, but I have no access to the
> underlying implementation.

Does sound like a filtered bridge.

> I'm looking for a way to get the same functionality using m0n0wall.
> Should I use the WAN->OPT1 bridge function? I would like to have a
> DMZ as well, and from searching the list, it seems that the WAN/LAN
> cannot be bridged.

You can bridge OPT and WAN and leave LAN unplugged. You stated above
that all your machines have public IPs, so that'd be how I would do

> Bridges should have higher performance than a router, but in the case
> of a firewall, is that true?

Yes, it's faster to bridge than NAT, but unless you have 25-30+ Mb of
internet bandwidth, you won't notice a difference on a WRAP.