 From:  Jonathan Karras <jkarras at karras dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Routed IP Block - Uses
 Date:  Sat, 07 Jan 2006 16:43:59 -0700
Actually all that needs to happen is configure your WAN with the /30
address. Then the VLAN on OPT with the first address in your /27
network. From your description you should use .193/27 on the VLAN
interface. Then on your PCs on that VLAN use x.x.x.193 as your gateway
and your subnet mask should be 255.255.255.224. The PCs on the VLAN can
then have addresses x.x.x.194-222. Just make sure your firewall is set
to allow traffic from VLAN to WAN and you should be good. No 1:1 NAT
needed.

Summary of settings
M0n0wall Interface settings
WAN
y.y.y.y/30

VLAN on OPT
x.x.x.193/27

M0n0wall Firewall settings (in addition to what you already have)
VLAN on OPT
Proto   Source     Port   Destination   Port   Description
*       VLAN net   *      *             *      Default VLAN -> any
This is just like the LAN firewall rule.

M0n0wall NAT
Remove any 1:1 settings you added for this subnet

M0n0wall Proxy ARP
Remove any Proxy ARP entries for your /27 network.


PCs on VLAN
IP:x.x.x.194-222
Subnet mask: 255.255.255.224
Gateway: x.x.x.193

This should work; the only thing I may have wrong is the Firewall
settings. In this config the m0n0wall box will just route (Layer 3) the
/27 network to your VLAN on the OPT interface. This will work just fine
as long as your ISP has the IP from your WAN (the /30) address as the
next hop for your /27 network. Which from your description sounds correct.

Feel free to correct me if I have messed anything up. I am new to
M0n0wall so there could be a lot wrong here.

Jonathan

Aaron with Morad wrote:
>>So I built a new interface, in my case it was a VLAN on OPT.  I gave it the
>>first IP of my /27 (.192).  Then I created a 1:1 entry for the next of the
>>/27 (.193).  I put a PC on that VLAN and gave it .193, using .192 as the
>>gateway.  Basically I have the public /27 public IPs inside the VLAN, and
>>they are 1:1 NATed out the WAN - same address in both spots in the 1:1
>>config.  Is this right?  The Internet sees the IP used in the PC.
>>
>>I have been running like this overnight with no issues other than an
>>inability to access google (.com and .ca) so far.  I have adjusted my MTU to
>>1400 for the new VLAN but still can't access google - no firewall entries to
>>show why either.  Other than that I haven't found anything else I can't do.
> 
> 
> So I walked away for about 15 minutes and now all is well.  Maybe the MTU 
> size change hadn't kicked in?  I did a reboot once the MTU was changed. 
> Hmmm... weird.  So it looks like everything is working then.  Just want to make 
> sure what I did is what you were talking about.
> 
> Thanks again.
> 
> Aaron 
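
An added example, not part of the original message: a small Python check of the routed-block layout discussed in this thread. It derives the client settings from the block and flags an inside-interface address that is the network or broadcast address. The function name and the 203.0.113.192/27 and 198.51.100.0/30 addresses are constructed placeholders standing in for x.x.x and y.y.y.y.

```python
import ipaddress

def plan_routed_block(block, wan_if, inside_ip):
    """Validate a routed-block layout and derive the client settings.

    block     -- routed network, e.g. "203.0.113.192/27" (constructed sample)
    wan_if    -- firewall WAN address with prefix, e.g. "198.51.100.2/30"
    inside_ip -- address given to the inside (VLAN on OPT) interface
    """
    net = ipaddress.ip_network(block)   # raises ValueError if host bits are set
    wan = ipaddress.ip_interface(wan_if)
    gw = ipaddress.ip_address(inside_ip)

    problems = []
    if gw not in net:
        problems.append(f"{gw} is outside {net}")
    elif gw == net.network_address:
        problems.append(f"{gw} is the network address of {net}, not a host address")
    elif gw == net.broadcast_address:
        problems.append(f"{gw} is the broadcast address of {net}")
    if wan.network.overlaps(net):
        problems.append(f"WAN subnet {wan.network} overlaps routed block {net}")

    # Addresses left for machines behind the firewall: every usable host
    # address in the block except the one the firewall itself holds.
    clients = [h for h in net.hosts() if h != gw]
    return {
        "gateway": str(gw),
        "netmask": str(net.netmask),
        "clients": (str(clients[0]), str(clients[-1])) if clients else None,
        "problems": problems,
    }

if __name__ == "__main__":
    # Layout from the reply: first host address of the /27 on the VLAN interface.
    print(plan_routed_block("203.0.113.192/27", "198.51.100.2/30", "203.0.113.193"))
    # Same block with the .192 address on the interface instead.
    print(plan_routed_block("203.0.113.192/27", "198.51.100.2/30", "203.0.113.192"))
```
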