On 02.09.2011, at 13:05, Mike Montgomery wrote:

> Not to intrude, but does the Secondary IP's allow you to have rules for both
> the networks separately?

Yes, but it would be pointless if they're both on the same physical network or VLAN...

> And can you keep the two networks separate by doing that?

No, because there is nothing to prevent devices on the two subnets from communicating with each other directly on layer 2 without going through m0n0wall (by default traffic would go to the default gateway = m0n0wall, so you could filter it there, but anyone could simply add a static route to their system or change their IP address to get to the other subnet).

> Would love to join 3 networks I have in 1 building, that all go
> out the same internet connection, into 1 m0n0wall, instead of 3.

Decide whether the three networks need to be separated (security-wise). If yes, then you can still put them on the same m0n0wall, but you'll have to use three separate network interfaces or VLANs. Otherwise (if no separation is needed), you can use secondary IPs.

> Also, how would IPsec work in that instant?

The same way as always - just make sure your policies include all the local subnets that you use.

- Manuel
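Added example, not part of the original message and not m0n0wall code: a small planning check for the two points in the reply above. It flags subnets that must be isolated but share one layer-2 segment (same interface and VLAN), and lists local subnets that no IPsec policy covers. Interface names, VLAN tags and all addresses are constructed assumptions.

```python
from ipaddress import ip_network
from itertools import combinations

def shared_segment_pairs(layout, must_isolate):
    """Return subnet pairs that must be isolated but share a layer-2 segment.

    layout: {subnet: (interface, vlan_tag_or_None)}; same tuple = same segment.
    must_isolate: pairs of subnets that need firewall-enforced separation.
    """
    nets = {ip_network(s): seg for s, seg in layout.items()}
    wanted = {frozenset(ip_network(s) for s in pair) for pair in must_isolate}
    bad = []
    for a, b in combinations(sorted(nets), 2):
        # Same segment: hosts can reach each other without passing the firewall.
        if nets[a] == nets[b] and frozenset((a, b)) in wanted:
            bad.append((str(a), str(b)))
    return bad

def uncovered_by_ipsec(local_subnets, policy_local_nets):
    """Return local subnets not contained in any IPsec policy's local network."""
    policies = [ip_network(p) for p in policy_local_nets]
    return [s for s in local_subnets
            if not any(ip_network(s).subnet_of(p) for p in policies)]

# Constructed sample data: three subnets as secondary IPs on one interface...
LAYOUT_SECONDARY_IPS = {
    "192.168.1.0/24": ("lan", None),
    "192.168.2.0/24": ("lan", None),
    "192.168.3.0/24": ("lan", None),
}
# ...and the same subnets split across VLANs and a second interface.
LAYOUT_VLANS = {
    "192.168.1.0/24": ("lan", 10),
    "192.168.2.0/24": ("lan", 20),
    "192.168.3.0/24": ("opt1", None),
}
MUST_ISOLATE = [("192.168.1.0/24", "192.168.2.0/24"),
                ("192.168.1.0/24", "192.168.3.0/24")]

if __name__ == "__main__":
    print("secondary IPs:", shared_segment_pairs(LAYOUT_SECONDARY_IPS, MUST_ISOLATE))
    print("VLANs:", shared_segment_pairs(LAYOUT_VLANS, MUST_ISOLATE))
    print("IPsec gaps:", uncovered_by_ipsec(list(LAYOUT_VLANS), ["192.168.1.0/24"]))
```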