[ previous ] [ next ] [ threads ]
 
 From:  KnightMB <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] noobie questions
 Date:  Sat, 18 Mar 2006 10:59:32 -0600 
Would be glad to share.

To start, my ISP provides a bridged Ethernet all the way to my business 
via SDSL.  So before, I just plugged the Ethernet right into the WAN of 
m0n0wall and used Arp Proxy to fill in the first 8 IP addresses.  
Everything worked great, but later on, I needed a few more IP and 
bandwidth to boot.  I ordered another line of bridged Ethernet to my 
business and when it got here, I had the same question as you did.  How 
do I get both of them into m0n0wall.  I read around on the mailing list, 
found on that m0n0wall only supported one physical WAN device.  So I 
started to think, well it's all bridged to the same place, just down two 
different pipes.  So I went out and bought a basic 10/100 netgear 
switch, connected both pipes Ethernet to the switch and m0n0wall to the 
switch.  Since both pipes had my IP's in the same range and gateway 
address, I also knew that each circuit is only set to respond with data 
exchange for certain IP address, so the first 8 map out pipe #1 and the 
last 2 map out pipe #2.  The only thing m0n0wall needed was 2 more proxy 
arp entries so that the IPs from pipe #2 could interact with data 
exchange.  So when data flows in from the first 8 IP address on pipe #1, 
m0n0wall catches it, when data comes in from IP address on pipe #2, 
m0n0wall works with them as well.  When data connections are going out, 
I used advanced outbound NAT to control which pipe outbound data is 
going via it's IP address.  I use pipe #2 to handle all my VoIP traffic, 
so all my VoIP adapters are set with a pseudo static internal LAN 
address and mapped outbound on one of the IP address of pipe #2, 
everything else maps outbound on pipe #1 depending on if it's web, mail, 
ftp, etc.

The only downside is that the traffic graph shows all traffic combined, 
so I can't tell which pipe it's using bandwidth from, only that I have 
twice more bandwidth going out than a single pipe can handle.  I've also 
done the whole thing of using computers to visit sites like 
whatismyip.com to show you what IP address you are connecting from.  So 
I know this is working the way I set it up.

The only way I see this not working is if the two pipes are not in the 
same range (one is 64.222.111.XXX and the other is 209.222.111.XXX) and 
thus would not share a common gateway.  So if you have 3 pipes from 3 
different ISP, it's probably not going to work the way I described above.

Thanks,
Michael

sai wrote:
> you have  proxy arp entries for all 10 WAN IP addresses?
>
> Could you let us have more details of your network? Sounds quite interesting.
>
> sai
>
> On 3/16/06, KnightMB <knightmb at knightmb dot dyndns dot org> wrote:
>   
>> m0n0wall may not handle 3 physical WAN cards, but it can certainly
>> handle 3 WAN addresses.  I use 10 WAN IPs on mine.  Just use a switch to
>> link all the WANs together, then connect the switch to the WAN of
>> m0n0wall and use the Proxy Arp to map all WAN that m0n0wall responds
>> to.  Works like a charm then :-)
>>
>> Thanks,
>> Michael
>>
>>     
>