 
 From:  sai <sonicsai at gmail dot com>
 To:  "Geoff Brisbine" <geoff dot brisbine at gmail dot com>
 Cc:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Using m0n0wall as a QoS bridge?
 Date:  Thu, 23 Feb 2006 12:11:19 +0500
On 2/23/06, Geoff Brisbine <geoff dot brisbine at gmail dot com> wrote:
> Is there any way to set it like?
>
> DSL ----- WAN/m0n0/OPT1 ----- WAN/FW2/LAN ----- clients
>
> The features that I like for the firewall are more features for the
> internal side rather than the external side.
>
> I looked at section 14.3 in the documentation for a filtered bridge,
> but it appears to be going by the theory that you are allocated a
> subnet by the ISP, where you will use one for WAN and the rest for
> OPT1.  I'm just getting one IP from my ISP, so the addresses would
> be...
>
> m0n0_WAN: 11.22.33.44 (public)
> m0n0_OPT1: 192.168.0.1
>
> FW2_WAN: 192.168.0.2
> FW2_LAN: 192.168.1.1
>
> clients: 192.168.1.0/24
>
> Can I bridge the WAN to a different network on an OPT?  I can't choose
> a /32 for bridging on OPT1.  Also, since I only have one IP from my
> ISP (that will be on m0n0_WAN), I assume I'll have to set up some NAT
> rules for the traffic that's coming from FW2_WAN?
>
> I would presume for configuration I would just plug m0n0_LAN into my
> main switch, let it obtain an IP address and then configure it that
> way?
>
> On 2/22/06, Holger Bauer <Holger dot Bauer at citec dash ag dot de> wrote:
> > Set it up like this:
> > Provider DSL-Line-----------wan/old router/lan------WAN/m0n0/OPT1------Clients
> >
> > At the m0n0 bridge OPT1 to WAN and enable filtering bridge at System>Advanced. You need an
> > unused LAN interface in your box as you can't bridge LAN to WAN (design limitation). Add firewall
> > rules to your WAN and OPT1 to allow all traffic. For the WAN IP choose a free IP of your local
> > subnet. You then can do the administration via the m0n0's WAN IP. Make sure all clients are behind
> > the m0n0, so all traffic gets shaped. This way the m0n0 only does traffic shaping and is, besides
> > this, transparent.
>
> ---

What traffic do you want to manage/how do you want to manage it? If
you want to manage by LAN IP address then
 Provider DSL-Line-----------wan/old router/lan------WAN/m0n0/OPT1------Clients
would be better.
If you want to manage by ports or WAN IP address then
DSL ----- WAN/m0n0/OPT1 ----- WAN/FW2/LAN ----- clients
would work. Here you do not see the client IP addresses, just the
WAN/FW2 IP address if FW2 is NATing.

sai