On 10/20/07, Sebastian Böhm <seb at exse dot net> wrote:
> On 20.10.2007 at 19:03, Lee Sharp wrote:
> > Sebastian Böhm wrote:
> >> Hi,
> >> I want to install a new firewall and someone suggested that I use
> >> m0n0wall with a soekris board.
> >> I have one question regarding features:
> > [snip]
> >> those two nets (x.y.z.0/28 and x.y.z.80/28) sit on the same
> >> interface (eth1), and have their default route at .1 and .81
> > This is a bad thing. With 2 collision domains on one flat network,
> > you will have a lot more collisions and other hard to diagnose
> > issues. Additionally, security is out the window. You can get into
> > the guts of m0n0wall and make this happen, but it is not
> > recommended. An additional nic or vlans is the best way to go.
> Hi Lee,
> I know that.
> (by the way: it is not THAT insecure, as I have no internal security
> issues and I checked the switch and there are no issues with
> collisions, so I am fine)
> But how do I set up a transparent (bridging) m0n0wall which redirects
> traffic that comes from one net and goes to the other net not to the
> default router, but redirects it.
The monowall's routing table is aware of the subnets on which its interfaces
lie, even multiple subnets on a single interface. Traffic from subnet 1
which is destined for subnet 2 (neither being on the mono's wan side) will
be routed to the correct interface and not the default route. Filtering
rules should function as expected with no fancy hacking.
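
The route selection described in the reply above, as an added sketch that is not part of the original thread and is not m0n0wall code. The addresses are constructed: 192.0.2.0/24 stands in for the elided x.y.z prefix, and the WAN interface name `eth0` and gateway 198.51.100.1 are assumptions.

```python
import ipaddress

# Constructed table: two connected /28 subnets on one interface (eth1)
# plus a default route out the assumed WAN interface (eth0).
ROUTES = [
    ("192.0.2.0/28",  "eth1", None),            # connected, gateway .1 lives here
    ("192.0.2.80/28", "eth1", None),            # connected, gateway .81 lives here
    ("0.0.0.0/0",     "eth0", "198.51.100.1"),  # default route (assumed)
]

def build_table(routes):
    """Parse (prefix, interface, gateway) tuples into network objects."""
    return [(ipaddress.ip_network(p), ifc, gw) for p, ifc, gw in routes]

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda r: r[0].prefixlen)

def forward(table, src, dst):
    """Describe how a packet from src to dst would be routed.

    Simplification: the ingress interface is taken to be the one whose
    connected route covers src.
    """
    _, in_if, _ = lookup(table, src)
    net, out_if, gw = lookup(table, dst)
    return {
        "route": str(net),
        "egress_if": out_if,
        "next_hop": gw or dst,               # connected route: deliver directly
        "via_default": net.prefixlen == 0,
        "same_interface": in_if == out_if,   # packet leaves where it arrived
    }

if __name__ == "__main__":
    table = build_table(ROUTES)
    for src, dst in [("192.0.2.5", "192.0.2.85"),    # subnet 1 -> subnet 2
                     ("192.0.2.85", "192.0.2.5"),    # subnet 2 -> subnet 1
                     ("192.0.2.5", "203.0.113.9")]:  # subnet 1 -> outside
        print(src, "->", dst, forward(table, src, dst))
```

Because both subnets share eth1, inter-subnet packets enter and leave on the same interface, so filter rules only see them when the hosts actually send through their gateway addresses on the firewall.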