I'm currently using an OpenBSD bootable CD firewall solution:
but I am interested in trying out m0n0wall. I've installed a system
with m0n0wall, but I'm confused about how a few things work. This is
my current setup:

We have a small Cisco router managed by the local telephone company
for our T1 connection. The OpenBSD machine has two 3c905B NICs in
it. One NIC uses a crossover cable to uplink to FastEthernet0/1 on
the Cisco router (apparently the 3c905B isn't auto-sensing) and the
other NIC has a cable run to the uplink on our unmanaged switch. On
the OpenBSD firewall, I simply bridged the devices, and set up dhcpd
to pass out IPs from the block of IPs assigned by our ISP. I then
configured pf to block everything by default and opened up just the
services we need. So far, everything is working fine - but I'd like
to use m0n0wall so others who aren't comfortable with a command line
have a chance of making configuration changes.

So, I looked into bridging in m0n0wall, but I'm confused about the
interfaces. I enabled the filtering bridge, but why do I need to
assign an IP to the WAN interface? I set the LAN Interface to be
x.x.x.2/25 (1 is the Cisco router) and used the /25 CIDR notation
since we have a partial class C block of IPs with a subnet mask of
255.255.255.128. As soon as I do this (and reboot the machine) I
can't connect to the m0n0wall web interface for some reason. On my
current OpenBSD solution, neither NIC needs to be configured with an
IP address, since the bridge operates at Layer 2. I did configure
one NIC with an IP, however, for remote administration.

I'm also confused about having the m0n0wall DHCP server pass out IPs
from our partial class C IP block (I don't want to NAT anything). I
turned on "advanced outbound NAT", but none of the machines were
getting IP addresses - but I suspect it was because of the
configuration problems above.

Anyone have any insight about how I should configure the interfaces
so they are bridged properly?