Hello, I'm currently using an OpenBSD bootable CD firewall solution: http://www.jtan.com/jtanoss/cdboot/ but I am interested in trying out m0n0wall. I've installed a system with m0n0wall, but I'm confused about how a few things work.

This is my current setup: We have a small Cisco router managed by the local telephone company for our T1 connection. The OpenBSD machine has two 3c905B NICs in it. One NIC uses a crossover cable to uplink to FastEthernet0/1 on the Cisco router (apparently the 3c905B isn't auto-sensing) and the other NIC has a cable run to the uplink on our unmanaged switch. On the OpenBSD firewall, I simply bridged the devices and set up dhcpd to pass out IPs from the block of IPs assigned by our ISP. I then configured pf to block everything by default and opened up just the services we need. So far, everything is working fine, but I'd like to use m0n0wall so others who aren't comfortable with a command line have a chance of making configuration changes.

So, I looked into bridging in m0n0wall, but I'm confused about the interfaces. I enabled the filtering bridge, but why do I need to assign an IP to the WAN interface? I set the LAN interface to be x.x.x.2/25 (.1 is the Cisco router) and used the /25 CIDR notation since we have a partial class C block of IPs with a subnet mask of 255.255.255.128. As soon as I do this (and reboot the machine) I can't connect to the m0n0wall web interface for some reason. On my current OpenBSD solution, neither NIC needs to be configured with an IP address, since the bridge operates at Layer 2. I did configure one NIC with an IP, however, for remote administration.

I'm also confused about having the m0n0wall DHCP server pass out IPs from our partial class C IP block (I don't want to NAT anything). I turned on "advanced outbound NAT", but none of the machines were getting IP addresses, but I suspect it was because of the configuration problems above.

Anyone have any insight about how I should configure the interfaces so they are bridged properly? Thanks!
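For readers comparing the two approaches, here is what the OpenBSD transparent filtering bridge described in the post looks like in configuration files. This is an added example, not the poster's actual files or m0n0wall's config: the xl0/xl1 interface names, the x.x.x.0/25 placeholder block, the published service ports and the DHCP range are all assumptions, and the modern /etc/hostname.bridge0 layout is used.

```pf
# /etc/hostname.xl0   (crossover cable to the Cisco FastEthernet0/1)
up
# /etc/hostname.xl1   (cable to the unmanaged switch)
up
# /etc/hostname.bridge0   Layer-2 bridge: members carry no IP address
add xl0
add xl1
up

# /etc/rc.conf.local   dhcpd listens only on the LAN-side member
dhcpd_flags="xl1"

# /etc/dhcpd.conf   hand out public addresses from the ISP block (no NAT)
subnet x.x.x.0 netmask 255.255.255.128 {
    option routers x.x.x.1;          # the Cisco router
    range x.x.x.10 x.x.x.126;        # assumed pool; .2 is the firewall's admin IP
}

# /etc/pf.conf   default deny; filter once, on the LAN-side member only
ext_if   = "xl0"
int_if   = "xl1"
public   = "x.x.x.0/25"              # placeholder for the partial class C
services = "{ 22, 80, 443 }"         # assumed set of published services

set skip on lo
block log all                        # nothing crosses the bridge unless allowed
pass quick on $ext_if all            # every packet is seen twice; decide on $int_if

# DHCP between the firewall's dhcpd and LAN hosts (clients have no IP yet,
# so a "from $public" rule alone would silently block them)
pass in  on $int_if proto udp from any port 68 to any port 67
pass out on $int_if proto udp from any port 67 to any port 68

# LAN hosts reaching the Internet: arrives on $int_if, leaves via $ext_if
pass in  on $int_if from $public to any keep state

# Inbound connections to the published services: leaves the bridge on $int_if
pass out on $int_if proto tcp from any to $public port $services keep state
```

Because the default is `block log all`, any service that stops working after cutover shows up in `tcpdump -n -e -ttt -i pflog0`, which is the quickest way to see which rule a forgotten protocol needs.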