Re: [m0n0wall] Is it possible to make a m0n0wall witout a WAN

From:	"Thomas Jreige" <thomas dot jreige at gmail dot com>
To:	"Molle Bestefich" <molle dot bestefich at gmail dot com>
Cc:	"=?ISO-8859-1?Q?J=FCrgen_Pomberger?=" <juergen at pomberger dot com>, m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Is it possible to make a m0n0wall witout a WAN
Date:	Mon, 12 Jun 2006 14:44:29 +0800

What is the purpost of building the network in this fashion?

Tom..



On 12/06/06, Molle Bestefich <molle dot bestefich at gmail dot com> wrote:
>
> Jürgen Pomberger wrote:
> > Is it possible to make a m0n0wall witout a WAN.
>
> Sure.
>
> "WAN" in a firewall sense just means "where to send stuff that doesn't
> belong to any of the defined 'internal' networks".
>
> In m0n0wall, it's definition is more concretely "behind which
> interface lies the network containing the firewall's default gateway".
>
> There are a number of limitations regarding m0n0wall and WAN because
> of various ways in which m0n0wall is implemented, but I don't think
> you'll run into any problems in your setup.
>
> > --------------------------ADSL Router----------------------------
> > ------------------------------|----------------------------------
> > ------------------------------|----------------------------------
> > --------------------------m0n0wall_1-----------------------------
> > ------------------------------|----------------------------------
> > ------------------------------|----------------------------------
> > ----------------------------Switch-------------------------------
> > ---------------------------/--|--\-------------------------------
> > -----------------m0n0wall_2---|--m0n0wall_3----------------------
> > ------------------/-----------|-----------\----------------------
> > --------WLAN Brige------------|------------WLAN AP---------------
> > -------/----------------------|------------------\---------------
> > ---LAN2-----------------------|-------------------WLAN Clients---
> > ------------------------------|----------------------------------
> > ------------------------------|----------------------------------
> > ----------------------------LAN1---------------------------------
> >
> > Is this with m0n0wall possible=??
>
> Sure, why not.  Without any knowledge of what you're trying to do,
> besides for the above drawing, I'll assume that you're trying to give
> "WLAN Clients" and "LAN2" differing levels of internet access.
>
> In that case, you want to point the 'WAN interface' of m0n0wall_2 and
> m0n0wall_3 towards the LAN1 interface of m0n0wall_1.  Set the default
> gateway of m0n0wall_2 and m0n0wall_3 to m0n0wall_1's IP address on
> LAN1.
>
> m0n0wall_1 should be configured as usual, with the WAN interface and
> default gateway pointing towards your ADSL router.
>
>
> I think it's technically overkill to have three firewalls for a simple
> network setup like the above.  You're probably not going to max out
> the bandwidth in any of the m0n0walls.  But seeing as m0n0wall is very
> interface-centric, it might make sense because it makes your life a
> lot easier when you're writing your firewall rules.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>


-- 


Regards,

Thomas Jreige
thomas dot jreige at gmail dot com

Quote: Be the Change you want to see in the world
Ghandi