 From:  Melvin <melvin at sleepydragon dot net>
 To:  Per Jørgensen <pj4a at dmusyd dot edu>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Some questions about the setup!
 Date:  Tue, 08 Aug 2006 15:59:39 -0400
> Well after tumbling around with this monowall for some time - I'll 
> write here to get the answers!
>
> I'm working at a school where we bought a Soekris net4801+Lan 1621!
> We have several servers/subnets that should be set up! So here's the deal!
> Wan --> we got 16 IPs to set up for several subnets!
> Lan - Servers  (Got 10 servers)
> Opt1 - All the clients
> Opt2 - That's another server subnet!
> Opt3 - That's the VPN
>
> I've tried yesterday to set this up, and have some questions about this!
> If I set the LAN up with the machines (servers - mail http a.s.o.) How 
> is it possible to set this up so that the clients can access the 
> servers - like mail - I found the notice about setting up the internal 
> DNS.  But when your webserver is hosting a lot of virtual sites - 
> how is it possible??
>
> My guess - You build your own DMZ and have this one on a separate 
> subnet! But is it here possible to access the NAT-services in the DMZ ???
>
> We're students and each have our own virtual site - and use this according 
> to our education. So all the clients (Opt2) should have full access to 
> all the NAT services on the LAN!
> Hopefully you can understand this - I'm pretty confused myself after 
> tumbling around with this for 2 weeks now!  So hopefully thanks for an 
> answer!!!!
> well - as you can see - my English isn't that good and I'm having 
> real problems reading the manual here for the answers!
>
Although I'm certain that you could configure things to work in this 
setup, I would recommend that you put the client machines on the LAN, 
and move the servers to one of the OPTx interfaces unless you're going 
to reserve the LAN interface for administration.  That isn't so much 
because it won't work, but more for convention.  Usually LAN machines 
are the most protected and require the most rules to access from elsewhere.

As for your DNS question, adding the names to the host file on the 
m0n0wall or whatever machine is providing DNS for the client machines 
should allow you to access everything by name without issue.