Gosh, I really was brain dead. You're right, the functionality is all there - both the internal
wired & wireless networks and the external wireless network have access to the internet! That was
the big hurdle.
But an external machine 10.10.10.x can type an internal IP address in their web browser 192.168.1.x
and get a logon screen to that machine (assuming the browsed machine is running a web server). I'd
like to have the 192.168.1.x network invisible and unreachable from the external 10.10.10.x network.
I assume if they can get to web servers on the 192 network, they can also get to network shared
drives, printers, etc. which is unacceptable.
I'd guess separating the networks can be done through m0n0wall - it is a firewall, after all, right
- so I'll do my homework and try to figure that out. If anyone has any tips on this I'll take them,
but I also don't mind doing the grunt work of tracking info down.
I just wanted to clarify that my network(s) ARE working as they should for Internet access; I must
have been one reboot short last night.
----- Original Message -----
From: Brett Krueger
To: Paul Rupp
Cc: m0n0wall at lists dot m0n0 dot ch
Sent: Friday, August 05, 2005 4:52 PM
Subject: Re: [m0n0wall] M0n0wall + Two Wireless Networks + Wired Network
Can't you just plug your m0n0 into a port on your current router? I've
done this multiple times before and had everything working downstream.
As long as you don't dive too deep into port forwarding madness, it all
works. No real magic there.
Brett Krueger [ sigterm at rootednetworks dot com ]
[ http://www.sigterm.net ][ http://www.rootednetworks.com ]
Paul Rupp wrote:
> I am trying to integrate m0n0wall (built on generic PC) into my current network situation. The
> goal is to provide community wireless access to my spare bandwidth without opening up my "internal"
> wired/wireless network to everyone in the world. I'd like to do this with as little disruption to
> the internal network as possible (I'm running servers, port forwarding, etc., already set up and
> working!). Currently I have a standard LAN (Cable Modem -> Wired/Wireless). I have both wired and
> wireless clients on the internal network.
> I can get M0n0wall working when I plug my Cable Modem into m0n0's WAN port, and my "outside"
> Access Point into m0n0's LAN port, but of course that prevents my internal network from having
> access to the internet.
> Essentially the question I have, is how do I share my Cable/WAN connection to BOTH my current
> router, and also to the m0n0wall box? I might be able to add another ethernet NIC into the m0n0wall
> system and "promote" m0n0wall to next in line after the cable modem, but would rather not. I'd
> rather not do this to avoid adding another layer of complexity to my internal network (port forwards
> already setup, etc.) and also I may in the near future purchase a dual-WAN router (for two broadband
> connections) and this would complicate that scenario as well.
> In my current setup (described below), I can connect to the "external" Access Point, but don't
> have Internet connectivity. Ideally my setup would look like this (but this doesn't seem to work):
> Cable Modem (External IP)
> Router/Wireless Network (Internal IP/DHCP Server 192.168.0.0)
> | |
> | ----- Internal Wired Network
> ------(WAN IP from Router DHCP)-- M0n0wall (DHCP Server on LAN 10.0.0.0)
> (LAN 10.10.10.1)
> |----- (LAN port IP from m0n0wall DHCP) AP for "external" wireless Internet
> In the future I will incorporate at least Captive Portal technology, and possibly RADIUS
> authenticated external users into the mix, so ideally any suggestions will allow for this. I've
> searched the archives for two days straight, but maybe I'm not clear enough about what I'm trying to
> do, or what search terms to use. I'm sure I'm missing something obvious; SOMEONE must have tried
> to do this before! Can anyone point me in the right direction?
> - Paul