 From:  "David Burgess" <apt dot get at gmail dot com>
 To:  "Monowall Support List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] ethernet frame routing
 Date:  Sat, 20 Oct 2007 23:53:29 -0600
On 10/20/07, Sebastian Böhm <seb at exse dot net> wrote:
> On 20.10.2007 at 19:03, Lee Sharp wrote:
> > Sebastian Böhm wrote:
> >> Hi,
> >> I want to install a new firewall and someone suggested that I use
> >> m0n0wall with a soekris board.
> >> I have one question regarding features:
> >
> > [snip]
> >
> >> those two nets (x.y.z.0/28 and x.y.z.80/28) sit on the same
> >> interface (eth1), and have their default route at .1 and .81
> >
> > This is a bad thing.  With 2 collision domains on one flat network,
> > you will have a lot more collisions and other hard to diagnose
> > issues. Additionally, security is out the window.  You can get into
> > the guts of m0n0wall and make this happen, but it is not
> > recommended.  An additional nic or vlans is the best way to go.
> Hi Lee,
> I know that.
> (by the way: it's not THAT insecure, as I have no internal security
> issues and I checked the switch and there are no issues with
> collisions, so I am fine)
> But how do I set up a transparent (bridging) m0n0wall which redirects
> traffic that comes from one net and goes to the other net not to the
> default router, but redirects it.

The monowall's routing table is aware of the subnets on which its interfaces
lie, even multiple subnets on a single interface. Traffic from subnet 1
which is destined for subnet 2 (neither being on the mono's wan side) will
be routed to the correct interface and not the default route. Filtering
rules should function as expected with no fancy hacking.
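
Added example, not part of the original message and not m0n0wall code: a small Python model of the longest-prefix-match route lookup behind the behaviour described above. The prefixes 192.0.2.0/28 and 192.0.2.80/28 stand in for the elided x.y.z nets, and the "lan"/"wan" labels and WAN addresses are constructed for illustration.

```python
import ipaddress

# Constructed routing table: (prefix, interface label, gateway).
# gateway=None means the prefix is directly connected to that interface.
ROUTES = [
    ("0.0.0.0/0",       "wan", "198.51.100.1"),  # default route
    ("198.51.100.0/24", "wan", None),            # WAN subnet
    ("192.0.2.0/28",    "lan", None),            # first net on the shared interface
    ("192.0.2.80/28",   "lan", None),            # second net, same interface
]


def lookup(dst, routes=ROUTES):
    """Return (network, iface, gateway) of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gateway)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best


def describe(dst, routes=ROUTES):
    """Summarise the forwarding decision for one destination address."""
    net, iface, gateway = lookup(dst, routes)
    return {
        "route": str(net),
        "iface": iface,
        "connected": gateway is None,
        # Connected routes deliver straight to the host; others go to the gateway.
        "next_hop": dst if gateway is None else gateway,
    }


if __name__ == "__main__":
    # A host in the first /28 sending to a host in the second /28, an address
    # that falls between the two /28s, and an unrelated outside address.
    for dst in ("192.0.2.85", "192.0.2.20", "203.0.113.9"):
        print(dst, describe(dst))
```

Note that 192.0.2.20 lies between the two /28s, matches neither, and therefore follows the default route; filter rules written for "the LAN" should be checked against the actual prefixes, not the surrounding /24.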