 From:  Dave Smith <dave at smiff dot co dot uk>
 To:  Chris Bagnall <m0n0wall at minotaur dot cc>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Setting up m0n0wall!
 Date:  Wed, 17 Aug 2005 15:58:19 +0100
Chris Bagnall wrote:

>>what u do just use the first one (the ones left for your 
>>pc's) on your m0n0wall directly assigned and what u can do is 
>>to add the additional ones on your wan interface using proxy arp.
>>    
>>
>
>Basically, yes. Let the Dynamode router get the IP from Zen automatically
>(it'll get what Zen have given you as the "router IP"). Disable the DHCP
>server on the Dynamode and configure m0n0's LAN interface as a static IP,
>choose one of the 5 IPs they've given you for your PCs (I tend to use the
>one just below the router IP), set the subnet mask to /29 and you're good to
>go.
>
>Now, where you've got choices is in how you want to use the now 4 remaining
>IPs for your clients. If you've only got that many PCs (or less), then you
>might want to bridge WAN with OPT1 and enable the filtered bridge. This
>would mean your PCs could have true external IPs.
>
>A nice compromise, particularly where you have a transient number of PCs,
>would be to drop servers which need public IPs onto OPT1 and use the
>filtered bridge on that, then leave LAN natted.
>
>Yet another alternative (and the one I use personally) would be to leave the
>network natted and use 1:1 NAT on specific machines you want to resolve to
>an external IP, and enable proxy ARP on those addresses. This means your
>machines will still have a private IP, but external hosts will see them by
>their external IP. Advantage of this approach is you can mix public and
>private IP machines on the same subnet without difficulty and without the
>need to separate public IP machines onto a separate interface.
>
>Regards,
>
>Chris
>  
>
Chris,

I'm thinking your approach would be the best way to go - mainly as you 
seem to know what you're doing, and this kind of stuff is still new to me!

Thanks again,

Dave Smith