How many NICs does your m0n0wall have? If you have an extra, slap it in
there and create the 'private' subnet for your personal use, then create
the 'public' side and make access rules in m0n0 to block all requests
from 'public lan' to 'private lan'. Personally that's what I would do to
simplify it all.
Hope that helps.
Brett Krueger [ sigterm at rootednetworks dot com ]
[ http://www.sigterm.net ][ http://www.rootednetworks.com ]
Paul Rupp wrote:
> Gosh, I really was brain dead. You're right, the functionality is all there - both the internal wired & wireless networks and the external wireless network have access to the internet! That was the big hurdle.
> But an external machine 10.10.10.x can type an internal IP address in their web browser 192.168.1.x and get a logon screen to that machine (assuming the browsed machine is running a web server). I'd like to have the 192.168.1.x network invisible and unreachable from the external 10.10.10.x network. I assume if they can get to web servers on the 192 network, they can also get to network shared drives, printers, etc. which is unacceptable.
> I'd guess separating the networks can be done through m0n0wall - it is a firewall, after all, right - so I'll do my homework and try to figure that out. If anyone has any tips on this I'll take them, but I also don't mind doing the grunt work of tracking info down.
> I just wanted to clarify that my network(s) ARE working as they should for Internet access; I must have been one reboot short last night.
> - Paul
> ----- Original Message -----
> From: Brett Krueger
> To: Paul Rupp
> Cc: m0n0wall at lists dot m0n0 dot ch
> Sent: Friday, August 05, 2005 4:52 PM
> Subject: Re: [m0n0wall] M0n0wall + Two Wireless Networks + Wired Network
> Can't you just plug your m0n0 into a port on your current router? I've
> done this multiple times before and had everything working downstream.
> As long as you don't dive too deep into port forwarding madness, it all
> works. No real magic there.
> Brett Krueger [ sigterm at rootednetworks dot com ]
> [ http://www.sigterm.net ][ http://www.rootednetworks.com ]
> Paul Rupp wrote:
> > I am trying to integrate m0n0wall (built on generic PC) into my current network situation. The goal is to provide community wireless access to my spare bandwidth without opening up my "internal" wired/wireless network to everyone in the world. I'd like to do this with as little disruption to the internal network as possible (I'm running servers, port forwarding, etc., already set up and working!). Currently I have a standard LAN (Cable Modem -> Wired/Wireless). I have both wired and wireless clients on the internal network.
> > I can get M0n0wall working when I plug my Cable Modem into m0n0's WAN port, and my "outside" Access Point into m0n0's LAN port, but of course that prevents my internal network from having access to the internet.
> > Essentially the question I have, is how do I share my Cable/WAN connection to BOTH my current router, and also to the m0n0wall box? I might be able to add another ethernet NIC into the m0n0wall system and "promote" m0n0wall to next in line after the cable modem, but would rather not. I'd rather not do this to avoid adding another layer of complexity to my internal network (port forwards already setup, etc.) and also I may in the near future purchase a dual-WAN router (for two broadband connections) and this would complicate that scenario as well.
> > In my current setup (described below), I can connect to the "external" Access Point, but don't have Internet connectivity. Ideally my setup would look like this (but this doesn't seem to work):
> > Cable Modem (External IP)
> >    |
> >    |
> > Router/Wireless Network (Internal IP/DHCP Server 192.168.0.0)
> >    |     |
> >    |     ----- Internal Wired Network
> >    |
> >    ------(WAN IP from Router DHCP)-- M0n0wall (DHCP Server on LAN 10.0.0.0)
> >                                         |
> >                                    (LAN 10.10.10.1)
> >                                         |
> >                                         |----- (LAN port IP from m0n0wall DHCP) AP for "external" wireless Internet
> > In the future I will incorporate at least Captive Portal technology, and possibly RADIUS authenticated external users into the mix, so ideally any suggestions will allow for this. I've searched the archives for two days straight, but maybe I'm not clear enough about what I'm trying to do, or what search terms to use. I'm sure I'm missing something obvious; SOMEONE must have tried to do this before! Can anyone point me in the right direction?
> > TIA!
> > - Paul
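
Added example (not part of the original thread and not m0n0wall's own code or config format): a small Python model of first-match rule evaluation on the interface facing the public access point, showing why the rule blocking the public subnet from the private subnet has to sit above the rule that passes public clients out to the Internet. The /24 masks, the sample addresses and the Rule layout are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed values: subnets from the thread with /24 masks; the Rule layout is a
# model for illustration, not m0n0wall's configuration format.
PUBLIC = "10.10.10.0/24"    # community wireless side
PRIVATE = "192.168.1.0/24"  # internal wired/wireless side
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "block"
    src: str
    dst: str

def evaluate(rules, src_ip, dst_ip):
    """Action of the first rule matching the packet; unmatched traffic is blocked."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in ipaddress.ip_network(rule.src) and dst in ipaddress.ip_network(rule.dst):
            return rule.action
    return "block"

def shadowed_blocks(rules):
    """Block rules that can never fire because an earlier pass rule covers them."""
    dead = []
    for i, rule in enumerate(rules):
        if rule.action != "block":
            continue
        r_src, r_dst = ipaddress.ip_network(rule.src), ipaddress.ip_network(rule.dst)
        for earlier in rules[:i]:
            if (earlier.action == "pass"
                    and r_src.subnet_of(ipaddress.ip_network(earlier.src))
                    and r_dst.subnet_of(ipaddress.ip_network(earlier.dst))):
                dead.append(rule)
                break
    return dead

# Rules on the interface facing the public AP, in evaluation order.
ISOLATED = [Rule("block", PUBLIC, PRIVATE), Rule("pass", PUBLIC, ANY)]
MISORDERED = [Rule("pass", PUBLIC, ANY), Rule("block", PUBLIC, PRIVATE)]

if __name__ == "__main__":
    for name, rules in (("ISOLATED", ISOLATED), ("MISORDERED", MISORDERED)):
        print(name,
              "to private:", evaluate(rules, "10.10.10.50", "192.168.1.10"),
              "| to internet:", evaluate(rules, "10.10.10.50", "198.51.100.7"),
              "| dead block rules:", len(shadowed_blocks(rules)))
```

With the misordered list the public client still reaches 192.168.1.10, which is the symptom Paul describes; the same check can be repeated from a real 10.10.10.x client after the rules are saved.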