 From:  "Molle Bestefich" <molle dot bestefich at gmail dot com>
 To:  "Jürgen Pomberger" <juergen at pomberger dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Is it possible to make a m0n0wall witout a WAN
 Date:  Mon, 12 Jun 2006 08:22:23 +0200
Jürgen Pomberger wrote:
> Is it possible to make a m0n0wall without a WAN?


"WAN" in a firewall sense just means "where to send stuff that doesn't
belong to any of the defined 'internal' networks".

In m0n0wall, its definition is more concretely "behind which
interface lies the network containing the firewall's default gateway".

There are a number of limitations regarding m0n0wall and WAN because
of various ways in which m0n0wall is implemented, but I don't think
you'll run into any problems in your setup.

> --------------------------ADSL Router----------------------------
> ------------------------------|----------------------------------
> ------------------------------|----------------------------------
> --------------------------m0n0wall_1-----------------------------
> ------------------------------|----------------------------------
> ------------------------------|----------------------------------
> ----------------------------Switch-------------------------------
> ---------------------------/--|--\-------------------------------
> -----------------m0n0wall_2---|--m0n0wall_3----------------------
> ------------------/-----------|-----------\----------------------
> --------WLAN Bridge-----------|------------WLAN AP---------------
> -------/----------------------|------------------\---------------
> ---LAN2-----------------------|-------------------WLAN Clients---
> ------------------------------|----------------------------------
> ------------------------------|----------------------------------
> ----------------------------LAN1---------------------------------
> Is this possible with m0n0wall?

Sure, why not.  Without any knowledge of what you're trying to do,
besides the above drawing, I'll assume that you're trying to give
"WLAN Clients" and "LAN2" differing levels of internet access.

In that case, you want to point the 'WAN interface' of m0n0wall_2 and
m0n0wall_3 towards the LAN1 interface of m0n0wall_1.  Set the default
gateway of m0n0wall_2 and m0n0wall_3 to m0n0wall_1's IP address on

m0n0wall_1 should be configured as usual, with the WAN interface and
default gateway pointing towards your ADSL router.

I think it's technically overkill to have three firewalls for a simple
network setup like the above.  You're probably not going to max out
the bandwidth in any of the m0n0walls.  But seeing as m0n0wall is very
interface-centric, it might make sense because it makes your life a
lot easier when you're writing your firewall rules.