On 02.09.2011, at 13:05, Mike Montgomery wrote:
> Not to intrude, but does the Secondary IP's allow you to have rules for both
> the networks separately?
Yes, but it would be pointless if they're both on the same physical network or VLAN...
> And can you keep the two networks separate by doing that?
No, because there is nothing to prevent devices on the two subnets from communicating with each
other directly on layer 2 without going through m0n0wall (by default traffic would go to the default
gateway = m0n0wall, so you could filter it there, but anyone could simply add a static route to
their system or change their IP address to get to the other subnet).
> Would love to join 3 networks I have in 1 building, that all go
> out the same internet connection, into 1 m0n0wall, instead of 3.
Decide whether the three networks need to be separated (security-wise). If yes, then you can still
put them on the same m0n0wall, but you'll have to use three separate network interfaces or VLANs.
Otherwise (if no separation is needed), you can use secondary IPs.
> Also, how would IPsec work in that instant?
The same way as always - just make sure your policies include all the local subnets that you use.