Marc M. Adkins wrote:
> I'm looking to set up a WRAP-based m0n0wall firewall. It all looks
> doable (after the usual fussing). A few questions, just to avoid
> rude shocks...
> I was going to get the WRAP w/3 ethernet ports. Installation
> instructions label one of these WAN, one LAN, the other not mentioned.
> I was hoping to have:
> * WAN to DSL modem
> * LAN to house LAN (12-port router already in place)
> * LAN for DMZ for future small-scale web services
> * potential for wireless (undecided yet)
> I wanted to confirm that I can in fact use all three ethernet ports
> and create a usable DMZ on one of them. I understand that total
> bandwidth will not be huge, but my DSL pipe isn't huge. I want
> something that will get me started...if I ever need bigger iron I'll
> hopefully have justification for bigger expenditures. I do see the
> DMZ section in the documentation...I just wanted to make sure the WRAP
> board with three ethernet ports will do this.
Yes, the third port will end up as "OPT1".
> The other question...just curious...I'm using a DSL modem now. Will
> m0n0wall connect directly to DSL line if I'm so inclined? I have
> heard horror stories about doing this from a *NIX-based firewall box
> and in fact had some delays originally getting the modem properly
> configured. I do remember it being PPPoE something-or-other...which
> seems to be in the m0n0wall documentation. Not a necessary item since
> I have the DSL modem, but I like the idea of one less piece of
> hardware and then I have a spare for failover.
If your DSL provider uses PPPoE, then you'll need to use that. Many DSL
providers no longer require PPPoE, and instead just hand your equipment
an IP address via DHCP.
> WRT wireless, which I wouldn't have on a bet without a reliable
> firewall (being one paranoid SOB), I'm wondering if anyone has input
> on cards and antenna configurations. This is just a stand-alone house
> configuration. All my wiring is in a centrally located utility room
> in the basement, only one floor above that. I figure a 60-90 foot
> sphere covers the house but I'm not knowledgeable about antennas and
> we seem to have continuous coverage issues with OTS wireless hardware
> at work (concrete and reinforced steel construction in downtown
> Seattle vs. normal wood frame house if that matters).
Unless you are *very* good, and like messing with the software, your
best bet for wireless, if you want "Access Point" functionality, is to get
one of the prism2.5-based miniPCI cards on the market. Since
Prism-anything has been EOLed, and has been "non-competitive" in price
(at the chipset level) for years, your choice comes down to finding
something on eBay, stripping something out of a notebook (many of the
earliest 11b notebooks carried such a card). If you want a 'new' card you're
essentially limited to the ones by Zcommax or Senao/Engenius. There are
several resellers for both brands (ODMs) on the web. A few of them
even know how to spell "m0n0wall".