 
 From:  "henry" <henry at ttcomaha dot com>
 To: 
 Subject:  Re: [m0n0wall] Newbie help
 Date:  Wed, 29 Jun 2005 21:14:14 -0500
Do you know what file I need to change on the firewall so the firewall will save these changes
on a reboot?


> 
> On 6/30/05, henry <henry at ttcomaha dot com> wrote:
> > I am new to Monowall and I need help.  I have 2 physical interfaces in my
> > box and that works fine.  Now I need to add 3 more subnets to the LAN side
> > of the box.  I've tried using VLANS but I can not get it to pass traffic
> > to or from the VLANS.  The primary subnet is 192.168.254.0/24.  I need to add
> > 172.40.25.0/24, 10.0.15.1/28 and 10.0.21.1/28.  Any insight would be
> > helpful.
> > 
> 
> Unless you have VLAN-aware switches in your LAN then it's not going to
> work - sorry.  You actually don't need VLANs for this to work, just
> assign the extra addresses to m0n0's LAN interface - test with
> exec.php:
> 
> ifconfig {LAN-device} inet {new-IP} netmask {eg: 255.255.255.240 - for the /28s}
> 
> eg:
> ifconfig sis1 inet 172.40.25.254 netmask 255.255.255.0 alias
> ifconfig sis1 inet 10.0.15.254 netmask 255.255.255.240 alias
> ifconfig sis1 inet 10.0.21.254 netmask 255.255.255.240 alias
> 
> For each subnet, make the relevant m0n0 address the gateway for those
> machines.  You will need to add specific rules to allow the packets in
> on the LAN interface, because the default rule that allows everything
> in from the LAN will apply *only* to the packets which match the
> address you have given the LAN interface in the GUI - this is
> important, because m0n0 will (by default) block these other packets,
> since they do not match the LAN interface network address.
> 
> ie: in your scenario the default LAN rule allows the 192.168.254.0/24
> source addressed packets to go anywhere.  When you add the three extra
> IP's above, you will need to add three extra rules to m0n0 (just click
> the + next to the existing rule and modify the source address/mask as
> required).
> 
> Whether you want them to be able to access each other is another
> story.  Using rules as I have described above will let that happen,
> since a copy of the default rule will allow any destination, including
> those on the same LAN.
> 
> --g'luck
> gm
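
Added example (not part of the original message or of m0n0wall): a Python check of the alias plan discussed above, showing whether each alias address falls inside the subnet it is meant to serve and which source addresses the LAN rules pass before and after the extra rules are added. It assumes "10.0.15.1/28" and "10.0.21.1/28" mean the subnets containing those addresses, models the LAN rules as a plain source-network match, and uses constructed host addresses in the demo.

```python
import ipaddress

# Values from the thread: the LAN network set in the GUI, and each subnet the
# question asked for paired with the alias address used in the reply.
LAN_NET = ipaddress.ip_network("192.168.254.0/24")
REQUESTED = [("172.40.25.0/24", "172.40.25.254"),
             ("10.0.15.1/28", "10.0.15.254"),
             ("10.0.21.1/28", "10.0.21.254")]

def plan(device, requested):
    """For each subnet, build the alias command and the pass-rule source."""
    rows = []
    for cidr, gateway in requested:
        # strict=False accepts a host address with a prefix, e.g. 10.0.15.1/28
        # (assumption: the poster meant the subnet containing that address).
        wanted = ipaddress.ip_network(cidr, strict=False)
        alias = ipaddress.ip_interface(f"{gateway}/{wanted.prefixlen}")
        rows.append({
            "ifconfig": f"ifconfig {device} inet {alias.ip} "
                        f"netmask {alias.network.netmask} alias",
            "wanted": str(wanted),
            "alias_net": str(alias.network),
            # Hosts can only use the alias as gateway if it is on their subnet.
            "gateway_on_subnet": alias.ip in wanted,
            "rule_source": str(wanted),
        })
    return rows

def lan_rule_passes(src, extra_sources=()):
    """Simplified model: default rule (source = LAN net) plus copied rules."""
    allowed = [LAN_NET] + [ipaddress.ip_network(s) for s in extra_sources]
    return any(ipaddress.ip_address(src) in net for net in allowed)

if __name__ == "__main__":
    rows = plan("sis1", REQUESTED)
    for r in rows:
        note = "" if r["gateway_on_subnet"] else (
            f"   # alias sits on {r['alias_net']}, not {r['wanted']}")
        print(r["ifconfig"] + note)
    sources = [r["rule_source"] for r in rows]
    for src in ("192.168.254.10", "172.40.25.7", "10.0.15.5"):  # constructed
        print(src, "default rule only:", lan_rule_passes(src),
              "| with extra rules:", lan_rule_passes(src, sources))
```

With a /28 mask, an address ending in .254 belongs to the x.x.x.240/28 network, so the check flags the two /28 aliases when the hosts live in the .0/28 range.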