 
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Routing problem
 Date:  Thu, 30 Mar 2006 15:12:15 -0500
On 3/30/06, Pasi Leinonen <ppleinon at hytti dot uku dot fi> wrote:
> Can m0n0wall act as a router (not a NAT device)?
>

Yes.  See FAQ on disabling NAT.


> My ISP gives two networks 212.149.148.0/24 and 212.149.156.0/24 and gateways
> 212.149.148.254 and 212.149.156.254. End users in the LAN use these IPs, gateway
> 212.149.148.254 and a mask /20.
>
> So how do I set the m0n0wall to act as a router?
>

This is kind of a strange assignment from your ISP.  Typically if you
get two /24's, you'll also get a /30 to connect your firewall or
router to the ISP's network.  Then it's very easy to route those
networks.


>
> ISP gave us:
> Networks 212.149.148.0/24 and 212.149.156.0/24
> Gateways 212.149.148.254 and 212.149.156.0/24 (shows to LAN as a "same machine"
> (has same MAC address))
>

Bridging is the only good way to make this kind of IP assignment work.

What you should do is request the ISP assign you a /30 for your
firewall's WAN, and have them route your two /24's to your WAN IP.
Then it's a clean, easy setup using two internal interfaces (or
VLANs), one for each /24.


> Is the big netmask /20 in a LAN a problem? Because we only use/"own" part of it
> (networks 212.149.148.0/24 and 212.149.156.0/24) so it leaves a big gap between
> as those networks are already used on the Internet by our ISP. Can this be a
> problem for our ISP?

It won't be a problem for your ISP, but it may be a problem if you
need to access other parts of that /20 network.  Depending on how your
ISP's network is set up (you all might be on the same broadcast domain
anyway, in which case it wouldn't matter), it may prevent you from
accessing anything you haven't been assigned within that /20.  I
couldn't imagine it causing any issues for your ISP though.  They
don't know what subnet mask you're running anyway.



> How do I correctly set up the static routes or routing in general in m0n0wall?
>
> If m0n0wall cannot do it by itself, could another router help?

m0n0wall will do it just fine.  Adding another router will just leave
you with the same problems you're having now, and even worse because
you have another piece of equipment to deal with the same issues on.

-Chris
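
The effect of the /20 mask discussed in the reply above, as an added example that is not part of the original thread: it shows which destinations a LAN host treats as on-link (ARPed for directly) and which it hands to the gateway, under a /20 and under a /24 mask. The networks and the gateway are from the thread; the host address 212.149.148.10 and the sample destinations are constructed.

```python
import ipaddress

# Values taken from the thread.
ASSIGNED = [ipaddress.ip_network("212.149.148.0/24"),
            ipaddress.ip_network("212.149.156.0/24")]
GATEWAY = ipaddress.ip_address("212.149.148.254")


def on_link(src_iface: str, dst: str) -> bool:
    """True if a host configured as src_iface (address/prefix) ARPs for dst
    directly instead of sending the packet to its default gateway."""
    iface = ipaddress.ip_interface(src_iface)
    return ipaddress.ip_address(dst) in iface.network


def classify(src_iface: str, dst: str) -> str:
    """Describe how dst is reached from a host using src_iface."""
    addr = ipaddress.ip_address(dst)
    if not on_link(src_iface, dst):
        return f"via gateway {GATEWAY}"
    if any(addr in net for net in ASSIGNED):
        return "on-link, assigned range"
    # Inside the mask but not assigned to this site: the host ARPs for it,
    # so it is reachable only if it shares the broadcast domain.
    return "on-link, unassigned range"


if __name__ == "__main__":
    # Constructed sample destinations.
    samples = ["212.149.156.10", "212.149.150.10", "192.0.2.1"]
    for iface in ("212.149.148.10/20", "212.149.148.10/24"):
        net = ipaddress.ip_interface(iface).network
        print(f"host {iface} (local network {net})")
        for dst in samples:
            print(f"  {dst:<16} {classify(iface, dst)}")
```
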