 From:  "Geoff Brisbine" <geoff dot brisbine at gmail dot com>
 To:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Using m0n0wall as a QoS bridge?
 Date:  Wed, 22 Feb 2006 20:21:50 -0600

Is there any way to set it up like this?

DSL ----- WAN/m0n0/OPT1 ----- WAN/FW2/LAN ----- clients

The features that I like for the firewall are more features for the
internal side rather than the external side.

I looked at section 14.3 in the documentation for a filtered bridge,
but it appears to be going by the theory that you are allocated a
subnet by the ISP, where you will use one for WAN and the rest for
OPT1.  I'm just getting one IP from my ISP, so the addresses would
be...

m0n0_WAN: 11.22.33.44 (public)
m0n0_OPT1: 192.168.0.1

FW2_WAN: 192.168.0.2
FW2_LAN: 192.168.1.1

clients: 192.168.1.0/24

Can I bridge the WAN to a different network on an OPT?  I can't choose
a /32 for bridging on OPT1.  Also, since I only have one IP from my
ISP (that will be on m0n0_WAN), I assume I'll have to set up some NAT
rules for the traffic that's coming from FW2_WAN?

I would presume for configuration I would just plug m0n0_LAN into my
main switch, let it obtain an IP address and then configure it that
way?

On 2/22/06, Holger Bauer <Holger dot Bauer at citec dash ag dot de> wrote:
> Set it up like this:
> Provider DSL-Line-----------wan/old router/lan------WAN/m0n0/OPT1------Clients
>
> At the m0n0, bridge OPT1 to WAN and enable filtering bridge at System>Advanced. You need an unused
> LAN interface in your box as you can't bridge LAN to WAN (design limitation). Add firewall rules to
> your WAN and OPT1 to allow all traffic. For the WAN IP choose a free IP of your local subnet. You
> can then do the administration via the m0n0's WAN IP. Make sure all clients are behind the m0n0, so
> all traffic gets shaped. This way the m0n0 only does traffic shaping and is otherwise
> transparent.