 From:  "Bob Young" <bob at lavamail dot net>
 To:  "'Lee Sharp'" <leesharp at hal dash pc dot org>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [monowall] Can Monowall be set to bridging?
 Date:  Mon, 18 Dec 2006 23:02:39 -0500
Hi Lee:

I want to thank you for your reply.

I'm not as well versed in routers (or Monowall), as I would like to be.
That's probably why I was having trouble understanding this.

But from what you are saying it looks like I should be able to remote into
the WAN interface of my Monowall, and from there Monowall will let me bridge
from the WAN interface to the OPT1 interface of my Monowall.  

I noticed that the OPT1 interface does allow bridging to the WAN interface.
There is a drop down box on the OPT1 interface page that allows me to pick
bridging.  I guess this effectively turns off any routing action between WAN
to OPT1. (Am I correct?).

It looks like I'm converting the Internet signal on my DSL line to the same
Internet signal, but now on an Ethernet line, which is still using public
IPs.  So now I have to configure my equipment to talk to public IP
addresses, for any of my equipment that is connected to the OPT1 interface
(since it is bridged to WAN).

I understand I could connect a router to the OPT1 interface, and use NATting
on that router, and then use private IP addresses on the LAN side of the
second router.  (Am I thinking correctly about this?).

I'm thinking that if I do bridge my Monowall from WAN to OPT1 (and use
public static IP addresses on my equipment), that I will find it easier to
remotely access the WAN interface from anywhere out on the Internet, (and
control) my equipment.  (Am I right?).

If I'm correct, it seems like doing this bridging can have a problem with
it.  That is, everything must have static public IP addresses.  That can get
expensive, if I have a bunch of addressable devices after my Monowall.

So maybe that is where 1:1 NATting might help out.  I can have some devices
use private IP addresses on the LAN side of my Monowall. But for the few
things that I need to remotely access (and thus have private static IP
addresses), maybe 1:1 NATting will let me remotely access and control my
equipment on my LAN?  (Am I correct?).

If I'm correct about this 1:1 NATting, then that means I'm going to have to
figure out how to do 1:1 NATting...lol.

But you also mentioned "server NAT".  I have no idea in the world what
"server NAT" is.  I'm going to have to do more learning in that area.

But maybe 1:1 NATting is all that I need?

Thanks for helping to throw more light on this.


-----Original Message-----
From: Lee Sharp [mailto:leesharp at hal dash pc dot org] 
Sent: Monday, December 18, 2006 12:21 AM
To: Bob Young
Subject: Re: [monowall] Can Monowall be set to bridging?

From: "Bob Young" <bob at lavamail dot net>

> I wanted to mention something about the remote access.

> For my question, my perspective was that I might be on the Internet, from
> any remote location, other than being at my office LAN, which has the
> Monowall and my LAN.

> Was your answer also from the perspective that I would not be at my LAN,
> but I would be on the Internet at some remote location, and trying to
> remote back into my home office LAN, which has the Monowall?

Not sure I follow you, but here goes.  From the outside you would resolve
DNS from an authoritative server to a real IP address.  It will go to your
m0n0wall, and either bridge to the server or NAT to the server.  In the LAN,
however, the real IP address will not NAT back to a system on your LAN.

If you VPN in, you will essentially be on the LAN, but DNS may not be,
depending on your client.