[ previous ] [ next ] [ threads ]
 
 From:  "Chris Bagnall" <m0n0wall at minotaur dot cc>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Setting up m0n0wall!
 Date:  Wed, 17 Aug 2005 14:47:59 +0100
> what u do just use the first one (the ones left for your 
> pc's) on your m0n0wall directly assigned and what u can do is 
> to add the additional ones on your wan interface using proxy arp.

Basically, yes. Let the dynamode router get the IP from Zen automatically
(it'll get what Zen have given you as the "router IP"). Disable the DHCP
server on the Dynamode and configure m0n0's lan interface as a static IP,
choose one of the 5 IPs they've given you for your PCs (I tend to use the
one just below the router IP), set the subnet mask to /29 and you're good to
go.

Now, where you've got choices is in how you want to use the now 4 remaining
IPs for your clients. If you've only got that many PCs (or less), then you
might want to bridge WAN with OPT1 and enable the filtered bridge. This
would mean your PCs could have true external IPs.

A nice compromise, particularly where you have a transient number of PCs,
would be to drop servers which need public IPs onto OPT1 and use the
filtered bridge on that, then leave LAN natted.

Yet another alternative (and the one I use personally) would be to leave the
network natted and use 1:1 NAT on specific machines you want to resolve to
an external IP, and enable proxy ARP on those addresses. This means your
machines will still have a private IP, but external hosts will see them by
their external IP. Advantage of this approach is you can mix public and
private IP machines on the same subnet without difficulty and without the
need to separate public IP machines onto a separate interface.

Regards,

Chris
-- 
C.M. Bagnall, Director, Minotaur I.T. Limited
Tel: (07010) 710715   Mobile: (07811) 332969   Skype: minotaur-uk
ICQ: 13350579   AIM: MinotaurUK   MSN: msn at minotaur dot cc   Y!: Minotaur_Chris
This email is made from 100% recycled electrons