Re: [m0n0wall] Network Plan Recommandation (SOS ! )

From:	=?ISO-8859-1?Q?J=E9r=E9mie?= <j dot tarot at tecsas dot fr>
To:	Christoph Hanle <christoph dot hanle at leinpfad dot de>, m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Network Plan Recommandation (SOS ! )
Date:	Thu, 23 Mar 2006 10:39:17 +0100
Hi,

Man, I have not enough (english !) words to tell tell my gratefulness... 
  may be _thank_you_so_much_ sum up them all. My Free Software life has 
begun 5 years ago and you've been one of the most helpful soul arround.
BIG UP ! :')

Ok me... let's tame the link now !
Will keep yall on touch...

Very very bests

Jé

Christoph Hanle a écrit :
> Jérémie schrieb:
>> Hi,
>>
>> I'm trying to setup a dual site network but facing difficulties with a 
>> cross site SDSL MPLS VPN :'(
>> I've tried so many m0n0wall setup combinations that I cannot remember 
>> wich I did and wich I didn't...
>> So at this stage, I've tried to make a clear and nice Network Map and 
>> ask for advices and recommandations.
>> You can find the plan here:
>>
>> http://tecsas.dyndns.org/netdiag.png
>>
>> The two firewalls are 5 NIC net4801 m0n0 boxes, ADSL lines are plugged 
>> on WAN interface. I've renamed optional interface with the name of the 
>> subnets they're linked to.
>> Like I said before, I've tried every combination I could imagine of 
>> SDSL interface IP address / static route(s)... to no luck.
>> Don't ask me why SDSL modems have the addresses they have...
>> Anyway, the "only" thing I'd like is to have my MPLS link behave like 
>> a crossed cable between the two sites... 800Km away from each other :) 
>> I mean, to be able to reach each subnet on each side of this %µ£µ££% 
>> link !
>>
>> As I have _no_ confidence _at_all_ in "technical" contacts I can talk 
>> to at the provider's, I hope someone here will give me real advices so 
>> I can adequatly fill the tech change form with:
>> - good IP addresses for the SDSL modems and m0n0 interfaces
>> - good routes to setup both on modems and m0n0 boxes
> Hi, I don't see your problem:

My Networking knowledge I'm afraid... but you've raised my motivation to 
improve it like no one did before ;)

> -------------------------------------
> left side:
> MPLS-router 10.10.12.254/30
> M0n0    10.10.12.253/30
> 
> Routes on MPLS-router:
> 192.168.1.0/24 gateway 10.10.12.253
> 192.168.0.0/24 gateway 10.10.12.253
> 192.168.3.0/24 gateway 10.10.12.253
> 192.168.10.0/24 gateway MPLS-IP of the right MPLS-router
> 192.168.11.0/24 dito.
> 192.168.13.0/24 dito.
> no 0.0.0.0 route
> 
> Routes on the m0n0
> 10.10.13.252/30 gateway 10.10.12.254 (see right side)
> 192.168.10.0/24 gateway 10.10.12.254
> 192.168.11.0/24 gateway 10.10.12.254
> 192.168.13.0/24 gateway 10.12.12.254
> 0.0.0.0 gateway ADSL
> ------------------------------------------
> 
> right side:
> MPLS-router 10.10.13.254/30
> M0n0    10.10.13.253/30   
> 
> Routes on MPLS-router:
> 192.168.11.0/24 gateway 10.10.13.253
> 192.168.10.0/24 gateway 10.10.13.253
> 192.168.13.0/24 gateway 10.10.13.253
> 192.168.0.0/24 gateway MPLS-IP of the left MPLS-router
> 192.168.1.0/24 dito.
> 192.168.3.0/24 dito.
> no 0.0.0.0 route,
> 
> Routes on the m0n0
> 10.10.12.252/30 gateway 10.10.13.254 (see right side)
> 192.168.0.0/24 gateway 10.10.13.254
> 192.168.1.0/24 gateway 10.10.13.254
> 192.168.3.0/24 gateway 10.12.13.254
> 0.0.0.0 gateway ADSL
> 
> For debugging it is fine to know the MPLS IPs.
> This routes have benn added on each m0n0.
> If you don't get them from your MPLS-provider, try it with a tracert 
> between right and left. Don't forget allowing icmp on every interface.
> 
> bye
> Christoph
>>
>> The rope is already around my neck (;) )... any help will be greatly 
>> appreciated !
>>
>> Bests
>> Jé
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
> 
>