I have m0n0wall 1.22 running on a Soekris 4521 with my DSL modem bridged
to the WAN interface of m0n0wall which uses PPPoE to connect to my DSL
provider. I have a static IP address and I use 1:1 NAT so that I can
use an RFC1918 non-routable address on the LAN interface of m0n0wall.
All this works just fine and I am happy with the setup.

The other day I decided to use the OPT1 interface of m0n0wall as a WiFi
(hostap) access point. I know and understand Manuel's and Chris's
oft-stated objections to doing this ("just use external access points") but
I just wanted to try it as I already had the hardware inside my Soekris.

At first I tried configuring the OPT1 interface as a bridge with the LAN.
This was an ideal solution I thought, since I wanted to use the same net
10 subnet address in the WiFi world that I am using on the wired (LAN) net.
I could ping my wireless laptop from the OPT1 interface of m0n0wall, but
I could not ping any net 10 address from the laptop - not the m0n0wall
itself or a FreeBSD box sitting on the LAN itself. The WiFi laptop was
associated to the SSID of the WiFi card in m0n0wall. In some private email,
Chris suggested that I forget the bridge-to-LAN method and instead set up
a second subnet on the OPT1 interface disjoint from the LAN subnet. So, I
tried that, but I was not able to get that to work. I understood that I
had to add rules to allow traffic to flow onto and off of the WiFi subnet
associated with the OPT1 interface of m0n0wall, but I could not get packets
to flow (pings failed) after adding what I thought were the correct rules
to my m0n0wall configuration.

I can provide the configured rules if need be, and yes I did search about
two years' worth of email list archives (back to about the 1.1 era) without
finding anything that I could see was relevant to my current problems.

If anyone has any constructive suggestions, I would greatly appreciate
them. I would like to avoid the "extra access point - not part of my
m0n0wall" approach. Chris told me that the reason the wireless parts
of the m0n0wall handbook are empty for the most part is because he was
responsible for most of that documentation and he doesn't use wireless
in that way (built into m0n0wall). As I said, I would like to see if
it is possible to do this, even if it is not a viable long-term result.

For specific and concrete discussion, assume static public IP address
of a.b.c.4 which is 1:1 NAT'd to my LAN as 10.0.0.4 when my laptop is
docked to the wired LAN. When I use my laptop as a wireless client,
it would be nice to have it still retain the 10.0.0.4 address only it
would be coming from the (bridged) OPT1 (WiFi) interface of m0n0wall.

Even if I can get the above to work, which so far has eluded me, I do
not know if the 1:1 NAT on the WAN interface would still apply to any
devices on the (bridged) OPT1 (WiFi) interface as described above.

William Bulley Email: web at umich dot edu