[ previous ] [ next ] [ threads ]
 
 From:  Josh Hyles <josh dot maillists at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall + segmented networks
 Date:  Fri, 16 Sep 2005 12:09:58 -0400
Ok, one last question, how would I bridge the wifi with OPT interface when 
the linksys router is being plugged into the OPT interface? remember, this 
is an external router... WRT54G... or maybe I am misunderstanding you. 
 If intefaces are bridged, does that mean they have complete access to each 
other? or is that where the firewall rules come into play? 
 If i did want to route the wifi(OPT) interface to the WAN, how would I do 
that? 
 Thanks in advance. 

 On 9/16/05, Chris Buechler <cbuechler at gmail dot com> wrote: 
> 
> On 9/16/05, Josh Hyles <josh dot maillists at gmail dot com> wrote:
> > Right, but how do you do that exactly? and is a DMZ really the best way? 
> I
> > still want people on the wifi to be protected by the firewall and such, 
> and
> > I want to allow access to just the printer on the LAN
> >
> 
> Depending on how you look at it, teminology-wise it's not
> "technically" a DMZ. you aren't going to be opening anything into it
> from the Internet. But you do want to protect your LAN from that
> segment. semantics aside...
> 
> That's exactly right, setup that OPT/DMZ/wireless/'whatever you want
> to call it' interface on another IP subnet, throw in an allow rule to
> allow any to destination "not LAN subnet", and you're set.
> 
> To simplify the setup, bridge the wireless AP over to the OPT
> interface rather than trying to route or NAT it over.
> 
> -Chris
>