 From:  "Jose Eduardo" <joseeduardo at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Doubts of novice
 Date:  Fri, 24 Feb 2006 13:39:37 -0300
On 2/24/06, Lee Sharp <leesharp at hal dash pc dot org> wrote:
>
> From: "James W. McKeand" <james at mckeand dot biz>
> > Jose Eduardo wrote:
>
> > > -How I can give 2 (or more) ip address to same LAN interface?
> > You cannot, this breaks fundamental rules of IP networking. All nodes
> > must have unique IP address.
> You can, but it is not a clean hack.  It requires commands from the exec.php
> page, or shell commands in the config.  It is also considered poor practice
> in production.  And then people tell you to set the IP of your access points
> to an address outside the subnet for (implied but not real) security.
> Sigh...  What are you actually trying to do?


This is just for development, not for production.


> > > -How I can make a port forward in my LAN? all connection to m0n0wall
> > > in port 3128 redirect to another ip in my LAN, in some port?
> > If you want to forward from the WAN interface (i.e. outside your
> > network) to a machine in your LAN, use Inbound NAT rules. Make sure to
> > tick the auto-create firewall rule box.
> > If you want to redirect traffic from one machine to another on your LAN,
> > I'm not sure you can do that. There has been some chatter about
> > redirecting SMTP, I would start with searching the archive on that.
> Another dirty undocumented hack discussed by people far beyond me in the
> m0n0 sphere. (Chris Buechler and Jonathan De Graeve)  This would need to be
> in the config, for example.
> <nat>
> <rule>
>   <protocol>tcp</protocol>
>   <external-port>25</external-port>
>   <target>192.168.1.5</target>
>   <local-port>25</local-port>
>   <interface>wan</interface>
>   <descr>redirect SMTP to WAN SMTP server</descr>
> </rule>
> </nat>
> Of course, if the machine at .5 tries to get out, it may get stuck in a
> recursive loop...
>

Today I have something like this:

  Local Area
       I
 --------------
|Linux Machine |
|  Firewall    | ---- External Units
|   Squid      |
|   Router     |
 --------------
       I
      Net

And I am trying to design this:

  Local Area
       I         lan
 --------------
|  m0n0wall    | opt
|  Firewall    | ---- External Units
|   Router     |
 --------------
       I         wan
 --------------
|Linux Machine |
|  Firewall    |
|   Squid      |
 --------------
       I
      Net

The m0n0 will receive the LAN IP of the Linux machine (because it is in all
the routers of the external units) and I redirect some ports to the new IP of
the Linux machine.

Can I change "interface" in the config?

Thanks