 From:  "William F. Dudley Jr." <wfdudley at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  basic help needed configuring m0n0wall
 Date:  Thu, 6 Dec 2007 17:23:40 -0500

I've been running a LRP (Linux Router Project) router for several years
now (in an old Pentium 75 box) but decided that lowering my power consumption
was good, so I'm trying to move my firewall to an ALIX.2C3 board, which
has 3 NICs.

I've got the board, I've installed m0n0wall 1.3b5 on a CF card (the
1.2something production version won't bring up the NICs, I think),
and can talk to the m0n0wall web server on the LAN interface.

But for the life of me I cannot get either of the other ports to pass
any traffic, in either direction.

The LRP box was fairly easy to configure.  Just edit the shell script
to set the WAN IP, the LAN IP range, turn on Proxy Arp (choice is: yes/no),
edit a few other lines if you need to cut a hole for some inbound
traffic, and you're up.

I've been reading the m0n0wall docs for quite a few hours now (spread over
several days) but no matter what I try, I can't get any traffic in or
out of the WAN port.  Pings from m0n0wall box out the WAN port say
"no route to host".   I can ping out the LAN port to the machine
I'm using to access the m0n0wall web server, as one would expect.

Here's the setup I have with my current LRP firewall/router:

static IP /28 block from my ISP (also, conveniently, my employer)
Pipeline 130 T1 interface is sss.sss.sss.17
WAN side of my LRP box: sss.sss.sss.18

LAN side of my LRP box:, router/gateway is
The 192 lan is where the Windows machines that my wife uses are quarantined.

The third port of my LRP box is for the routable IPs: sss.sss.sss.18.
Attached are machines (a mix of Linux and FreeBSD) responding to
sss.sss.sss.19-30 (31 is broadcast, obviously).

So the first questions are:

1. What should I set the address of the WAN port on the m0n0wall to:
I'd expect it to be: sss.sss.sss.18 / 28? 32?
I have the gateway set to sss.sss.sss.17, the Pipeline 130.

2. What should I set the address of the ROUTABLE port of the m0n0wall to:
I'd expect, based on the LRP box, to set it to sss.sss.sss.18/28.

3. Will I have to reboot all the machines on the inside so they
work when I switch firewalls, or can I just configure this and drop
it in?

4. If I ping the WAN address from the outside world, should I expect to
get a response?

5. Do I need to set any static routes?  I'm guessing not.

6. What are minimum rules that I need to put in the firewall ruleset to get
some traffic through?  I've added some, but obviously have no idea what
I'm doing or I wouldn't be writing this.  Once I have something basic
running, I'm confident I can add a rule to open a port for, say, ssh
to a particular machine on my "routable IP" segment.

7. What NAT settings should I be using?  I've chosen:
"Enable advanced outbound NAT" and then added a "rule" that says:
Interface=WAN, Source=, Dest=*, Target=*

8. What Proxy ARP settings should I be using?  I have no idea here,
after reading Proxy ARP stuff on the m0n0wall site and also other places
online.  LRP just had "on/off" as a choice, so I'm mystified here.
(And please tell me exactly what to put on the form, as I've not
been able to match up what people write in the m0n0wall mailing list
archives with the actual values that one would put in the web form.)

I'm a computer programmer who runs this LAN as a hobby, so that's
my excuse for my firewall/router ignorance.

Thanks in advance for any help anyone cares to give,
Bill Dudley
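An added example, not part of the original post: a small addressing-plan sanity check for the /28 layout described above (gateway .17, firewall .18, hosts .19-.30, broadcast .31). It uses the RFC 5737 TEST-NET-3 block 203.0.113.16/28 as a constructed stand-in for the redacted "sss.sss.sss" prefix, and flags two interfaces of one router that are given the same address or subnets that overlap, which is the situation questions 1 and 2 are circling around.

```python
import ipaddress

# Constructed placeholder for the poster's redacted "sss.sss.sss.x" /28 (TEST-NET-3, RFC 5737).
BLOCK = ipaddress.ip_network("203.0.113.16/28")


def block_summary(net):
    """Return the facts a /28 owner needs: network, first/last usable host, broadcast, host count."""
    hosts = list(net.hosts())
    return {
        "network": str(net.network_address),
        "first_usable": str(hosts[0]),      # .17 in the post: the ISP's Pipeline 130
        "last_usable": str(hosts[-1]),      # .30 in the post: last server address
        "broadcast": str(net.broadcast_address),  # .31 in the post
        "usable_count": len(hosts),
    }


def check_plan(interfaces):
    """interfaces: {name: "addr/prefix"} as one would type into the interface forms.

    Returns a list of findings. A router needs a distinct subnet per interface to pick
    an outgoing interface, so the same address on two ports, or two ports whose
    subnets overlap, is reported.
    """
    parsed = {name: ipaddress.ip_interface(spec) for name, spec in interfaces.items()}
    names = list(parsed)
    findings = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            ia, ib = parsed[a], parsed[b]
            if ia.ip == ib.ip:
                findings.append(f"{a} and {b} share address {ia.ip}")
            if ia.network.overlaps(ib.network):
                findings.append(f"{a} ({ia.network}) overlaps {b} ({ib.network})")
    return findings


if __name__ == "__main__":
    print(block_summary(BLOCK))
    # The plan as proposed in questions 1 and 2 (WAN and routable port both .18/28).
    proposed = {
        "WAN": "203.0.113.18/28",
        "ROUTABLE": "203.0.113.18/28",
        "LAN": "192.168.1.1/24",   # constructed RFC 1918 address for the quarantined 192 LAN
    }
    for line in check_plan(proposed):
        print("finding:", line)
```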