 From:  SDamron <sdamron at gmail dot com>
 To:  "David Carlin" <djc6 at eecs dot cwru dot edu>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Migrating from OpenBSD to m0n0wall
 Date:  Fri, 20 Oct 2006 10:23:45 -0500
So, effectively you are just trying to use m0n0wall as a filtering bridge?

On 10/20/06, David Carlin <djc6 at eecs dot cwru dot edu> wrote:
> Hello,
>
> I'm currently using an OpenBSD bootable CD firewall solution:
>
> http://www.jtan.com/jtanoss/cdboot/
>
> but I am interested in trying out m0n0wall.  I've installed a system
> with m0n0wall, but I'm confused about how a few things work.  This is
> my current setup:
>
> We have a small Cisco router managed by the local telephone company
> for our T1 connection.  The OpenBSD machine has two 3c905B NICs in
> it.  One NIC uses a crossover cable to uplink to FastEthernet0/1 on
> the Cisco Router (apparently the 3c905B isn't auto sensing) and the
> other NIC has a cable run to the uplink on our unmanaged switch.  On
> the OpenBSD firewall, I simply bridged the devices, and set up dhcpd
> to pass out IPs from the block of IPs assigned by our ISP.  I then
> configured pf to block everything by default and opened up just the
> services we need.  So far, everything is working fine - but I'd like
> to use m0n0wall so others who aren't comfortable with a command line
> have a chance of making configuration changes.
>
> So, I looked into bridging in m0n0wall, but I'm confused about the
> interfaces.  I enabled the filtering bridge, but why do I need to
> assign an IP to the WAN interface?  I set the LAN Interface to be
> x.x.x.2/25 (1 is the Cisco router) and used the /25 CIDR notation
> since we have a partial class C block of IPs with a subnet mask of
> 255.255.255.128. As soon as I do this (and reboot the machine) I
> can't connect to the m0n0wall web interface for some reason.  On my
> current OpenBSD solution, neither NIC needs to be configured with an
> IP address, since the bridge operates at Layer 2.  I did configure
> one NIC with an IP however for remote administration.
>
> I'm also confused about having the m0n0wall DHCP server pass out IPs
> from our partial class C IP block (I don't want to NAT anything). I
> turned on "advanced outbound NAT", but none of the machines were
> getting IP addresses - but I suspect it was because of the
> configuration problems above.
>
> Anyone have any insight about how I should configure the interfaces
> so they are bridged properly?
>
> Thanks!


-- 
-------------------------------
Every revolution begins with the power of an idea and ends when the
only idea left is power.