 From:  Steve Yates <steve at teamITS dot com>
 To:  Mark Wass <mark dot wass at market dash analyst dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Monowall to MonoWall
 Date:  Fri, 23 Sep 2005 20:47:13 -0500
On Sat, 24 Sep 2005 11:28:15 +1000
Mark Wass <mark dot wass at market dash analyst dot com> wrote:

>MonoWall1 (WAN) = A realworld IP X.X.X.X /30
>MonoWall1 (LAN) = A realworld IP X.X.X.X/27

> If someone could clue me up on what the issues are involved here 
> that would be great. 

	Your diagram is mostly correct, as long as you have two
m0n0walls you should be fine.  I would suggest you consider adding a
third NIC to MonoWall1, make MonoWall1 (OPT1) bridged to MonoWall1
(WAN), and leave MonoWall1 (LAN) for configuration only.  That will save
you a public IP address (sadly you can't bridge LAN to WAN).

	One potential pitfall: m0n0wall gets confused if the LAN and
OPT1 are connected to the same wired network.  It sees packets from
itself on the other interface and panics...er, gets confused.  To
configure it you'll need to connect a PC directly to LAN, or through
another switch.

>My biggest confusion is will I need NAT to the DMZ 


> and if not how do I turn off NAT for the DMZ.

	Uncheck the box?

 - Steve Yates
 - ITS, Inc.
 - One hundred hairy bugs in the code, one hundred hairy bugs...

~ Taglines by Taglinator 4 - www.srtware.com ~