 From:  Lonnie Abelbeck <abelbeck at abelbeck dot com>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Setup for new firewall
 Date:  Mon, 30 Oct 2006 07:39:58 -0600
On Oct 29, 2006, at 10:46 PM, Jim Toro wrote:
> You say set the LAN side to that address so I guess all the PC's would
> then need to think THEIR gateways would be 192.168.100.0 ?
> Would all of the LAN side boxes now need to be set for /23 as they are
> now /24 as is the router.
>
Jim,

If you use a m0n0wall in filtered bridge mode:

Cisco router 1.2.0.1/23

m0n0 bridge (WAN) 1.2.0.2/23 (1.2.0.1 is gateway address)

Clients off OPT interface with 1.2.0.x/23 and 1.2.1.x/23 addresses,  
gateway is 1.2.0.2 (1.2.0.1 works also?)

Disclaimer, I have never tried anything like this, but the network  
'math' seems correct.

Lonnie


> On Mon, 30 Oct 2006, davidg at yowl dot org wrote:
>
>> Hey Jim,
>>
>> Question:- Do your Class C's form a contiguous address range or
>> are they separate? If the address ranges are adjacent then you
>> could perhaps look at configuring the LAN side of things as a
>> single /23 network.
>>
>> eg 192.168.100.x & 192.168.101.x could be configured as  
>> 192.168.100.0/23 which would give you a single logical subnet for  
>> which you could configure a single gateway etc. This would require  
>> all of the hosts on that subnet to have the same view of the  
>> world, possibly not a particularly trivial undertaking, but in  
>> networking terms it's probably the most elegant.
>>
>> Otherwise...
>>
>> Splitting the network and installing an additional NIC in the  
>> m0n0wall would be an OK solution, but then you would be routing  
>> LAN-LAN traffic through your firewall, probably better to avoid  
>> this if you can help it. If your switch supports VLAN tagging then  
>> this would be a similar alternative (with the same downside).
>>
>> Or, would it be an option to put the firewall outside the router,  
>> let the router handle all the LAN traffic for you and just hand  
>> off external traffic to the m0n0 for routing to the Internet?
>>
>> Hope this helps some.
>>
>> Cheers,
>> David.
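
Added example, not part of the original thread: a Python check of the /23 "math" discussed above, showing when two /24s can be merged into one /23 and which hosts left on a /24 mask end up with a different view of the subnet. The host list is constructed sample data, and the function names are hypothetical.

```python
import ipaddress

def merge_to_supernet(a, b):
    """Return the one network that exactly covers a and b, or None.

    Two equal-sized blocks merge only if they are the two halves of the
    same parent block; being numerically adjacent is not enough.
    """
    na, nb = ipaddress.ip_network(a), ipaddress.ip_network(b)
    if na.prefixlen != nb.prefixlen or na == nb:
        return None
    parent = na.supernet()
    return parent if nb.supernet() == parent else None

def audit(hosts, gateway, lan):
    """List (host, problem) for hosts whose config disagrees with the LAN."""
    lan = ipaddress.ip_network(lan)
    gw = ipaddress.ip_address(gateway)
    findings = []
    for h in hosts:
        iface = ipaddress.ip_interface(h)
        if iface.ip not in lan:
            findings.append((h, "address outside LAN"))
        elif gw not in iface.network:
            # The host believes the gateway is on another subnet and has
            # no on-link route to it.
            findings.append((h, "gateway off-link"))
        elif iface.network != lan:
            # The gateway is reachable, but peers in the other half of the
            # /23 look remote, so traffic to them goes via the gateway.
            findings.append((h, "mask mismatch"))
    return findings

# Constructed sample hosts using the addressing from the message above.
SAMPLE_HOSTS = ["1.2.0.10/23", "1.2.1.20/23", "1.2.1.30/24", "1.2.0.40/24"]

if __name__ == "__main__":
    print(merge_to_supernet("192.168.100.0/24", "192.168.101.0/24"))
    print(merge_to_supernet("192.168.101.0/24", "192.168.102.0/24"))
    for host, problem in audit(SAMPLE_HOSTS, "1.2.0.2", "1.2.0.0/23"):
        print(host, problem)
```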