 From:  "Josh Hyles" <josh dot maillists at gmail dot com>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 1 to 1 ip routing
 Date:  Mon, 29 May 2006 21:41:16 -0400
Hey Chris, and everyone else. I'm still in search of a solution or at
least clarification.

Chris showed me this unit...

http://www.netgate.com/product_info.php?products_id=312&osCsid=5efc3f577dedf696e9e5dc8dad76348d

and I'm not sure if one of those ports is considered OPT1 or not. I
would need a port for OPT one to bridge to the WAN port, so can
someone tell me if that does have one? I looked through the specs and
nothing stood out to me.

Also, I'm wondering more how I would actually do this. Let's say the
unit is at a colocation place and I have 1 cable. Let's say I order 2
1MB connections and I am given 2 subnet ranges I can use. Is it
possible to route both subnet ranges like say... 63.123.123.121/29 and
63.123.123.128/29, so I'd have those two setups, could I route them
both?

Another setup could be that I just get more IPs for my current
connection (1MB) and up it to 2MB. So that setup would be something
like... 63.123.123.113/28 (I'm using a subnet calc for this, so if I'm
doing it all wrong, just try and adjust the number in your head). How
would I route just that one subset of IPs through the monowall?

I want 2 servers to be connected and I'm sure I'll need a small
switch, but if I can find a WRAP with 2 OPT interfaces then great...
but that would mean it has to have 4 ports.


Thanks in advance for the help.

Josh.

On 5/21/06, Chris Buechler <cbuechler at gmail dot com> wrote:
> On 5/21/06, Josh Hyles <josh dot maillists at gmail dot com> wrote:
> > I use m0n0wall at home and love it to death, but I need m0n0wall in a
> > production environment. I am wondering a few things here. Is m0n0wall
> > a good solution for securing a webserver/SQL server from hackers and
> > such?
> >
>
> It's, as with any firewall, as good as it's configured.  It can't
> protect you from traffic you permit, and since you have to permit
> traffic to a web server via HTTP at least, it won't protect you from
> everything.  It'll do a great job of closing off any services you
> don't want publicly accessible.
>
> My point is, with any firewall, don't think "there's a firewall in
> front of my web server, so it's secure".  That's not going to protect
> you from web server or web application vulnerabilities or
> misconfigurations.
>
> The type of setup you probably want with only two servers is this:
> http://doc.m0n0.ch/handbook/examples-filtered-bridge.html
>
> -Chris
>