 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  josh dot maillists at gmail dot com
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall + segmented networks
 Date:  Fri, 16 Sep 2005 12:01:55 -0400
On 9/16/05, Josh Hyles <josh dot maillists at gmail dot com> wrote:
> Right, but how do you do that exactly? And is a DMZ really the best way? I
> still want people on the wifi to be protected by the firewall and such, and
> I want to allow access to just the printer on the LAN.
> 

Depending on how you look at it, terminology-wise it's not
"technically" a DMZ.  You aren't going to be opening anything into it
from the Internet.  But you do want to protect your LAN from that
segment.  Semantics aside...

That's exactly right, set up that OPT/DMZ/wireless/'whatever you want
to call it' interface on another IP subnet, throw in an allow rule to
allow any to destination "not LAN subnet", and you're set.

To simplify the setup, bridge the wireless AP over to the OPT
interface rather than trying to route or NAT it over.

-Chris
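
Added example, not part of the original message and not m0n0wall code: a small Python model of the rule set on the wireless/OPT interface (a printer-only pass rule from the quoted question, then pass any to "not LAN subnet"), with an audit helper that lists which LAN hosts the segment can reach. It assumes first-match evaluation with default deny; the subnets, the printer address and port 9100 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (assumption, not from the original message).
LAN = ipaddress.ip_network("192.168.1.0/24")
PRINTER = ipaddress.ip_network("192.168.1.50/32")

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    dst: ipaddress.IPv4Network       # destination network
    negate: bool = False             # True means "destination is NOT dst"
    port: Optional[int] = None       # None means any destination port
    note: str = ""

def matches(rule, dst_ip, dst_port):
    in_net = dst_ip in rule.dst
    if rule.negate:
        in_net = not in_net
    return in_net and (rule.port is None or rule.port == dst_port)

def evaluate(rules, dst, port):
    """First matching rule wins; no match means block (default deny)."""
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules:
        if matches(rule, dst_ip, port):
            return rule.action, rule.note
    return "block", "default deny"

def reachable_lan_hosts(rules, port):
    """Audit check: every LAN host the wireless segment can reach on `port`."""
    return [str(h) for h in LAN.hosts()
            if evaluate(rules, str(h), port)[0] == "pass"]

# Rules on the wireless/OPT interface, in evaluation order.
WIFI_RULES = [
    Rule("pass", PRINTER, port=9100, note="printer only"),
    Rule("pass", LAN, negate=True, note="any to not LAN subnet"),
]

# The weak alternative for comparison: a plain "any to any" pass rule.
OPEN_RULES = [Rule("pass", ipaddress.ip_network("0.0.0.0/0"), note="any to any")]

if __name__ == "__main__":
    for dst, port in [("203.0.113.10", 443), ("192.168.1.10", 445),
                      ("192.168.1.50", 9100), ("192.168.1.50", 80)]:
        print(dst, port, evaluate(WIFI_RULES, dst, port))
    print("LAN hosts reachable on 445:", reachable_lan_hosts(WIFI_RULES, 445))
```
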