 From:  "David Kitchens" <spider at webweaver dot com>
 To:  "'m0n0wall List'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Setup for new firewall
 Date:  Sun, 29 Oct 2006 20:35:56 -0500
Lonnie has pointed you in the right direction for using public IPs on the
LAN but I don't believe you will be able to route both networks through one
m0n0wall. Do your two network segments need to communicate with each other?
I.e., 512 computers all in the same network? I think you will need two
m0n0walls coming off of your router, one for each segment. Someone please
prove me wrong if I am. I believe you will need another switch after your
router where you can plug two m0n0walls into, then dole out IPs via DHCP on
each or set LAN computers static. If the segments need to communicate, you
could set up static routes in both m0n0walls so they can see each other.
Network browsing could be a nightmare if this is the case but I think we
need a little more info on your network layout to give you a complete
answer.

Dave

> -----Original Message-----
> From: Lonnie Abelbeck [mailto:abelbeck at abelbeck dot com] 
> Sent: Sunday, October 29, 2006 4:07 PM
> To: m0n0wall List
> Subject: Re: [m0n0wall] Setup for new firewall
> 
> Jim,
> 
> You might want to look at a filtered bridge configuration:
> http://doc.m0n0.ch/handbook/examples-filtered-bridge.html
> 
> Lonnie
> 
> 
> On Oct 29, 2006, at 1:28 PM, Jim Toro wrote:
> 
> >
> > I'm new to firewalls so please don't kill me. I am fiddling around with
> > m0n0wall and need to do this:
> >
> > PC's  --- SWITCH --- FIREWALL --- Router --- Internet
> >
> > All the PCs are going to the switch and the firewall will sit
> > in between the switch and the router. We have two Class C networks, all
> > public addresses, no private stuff:
> >
> >   Let's say:   1.2.3.xxx  and 1.2.4.xxx
> >
> > and our router is configured to accept both on the same interface. So
> > if anyone on either network wants to go "out" they pick their
> > network's gateway IP and put it in their settings.
> >
> >          1.2.3.1 is one gateway
> >          1.2.4.1 is another gateway
> >
> > What I am not sure about is what m0n0 needs in order to deal with both
> > on the LAN and WAN side.  Since each interface gets an IP and the
> > networks will have IPs on the PC/switch and router side of the
> > firewall for both networks (PCs on the LAN side and the router on the
> > WAN side) I am not sure what exactly to do.
> >
> > Would it be better to add a third NIC and split the network to two
> > switches that take only their network IPs to the individual NICs on
> > the firewall, or is there a simpler way that I am not sure about?
> >
> > Thanks for any guidance you can give me.
> >