 From:  David Cook <david dot cook at jetpress dot com>
 To:  M0n0wall <m0n0wall at lists dot m0n0 dot ch>, "'bloo at sveiks dot lv'" <bloo at sveiks dot lv>
 Subject:  RE: [m0n0wall] Public IP's on LAN
 Date:  Wed, 25 Feb 2004 08:38:01 -0000
If you simply want to route from subnet to subnet, m0n0wall will work fine
with two interfaces. I suppose this isn't really what Manuel had in mind
when he created m0n0wall, but that's not to say it couldn't/shouldn't be
used in this way. There is no need for three or more interfaces unless you
wanted to route between more than two subnets or create bridged interfaces
as described.

As advised earlier in the thread, enable 'Advanced Outbound NAT'. This
changes the default behaviour of m0n0wall to route traffic and only NAT
traffic when explicitly configured to do so. Also note that the firewall
blocks traffic that isn't explicitly allowed by a rule and the firewall
cannot be disabled in the current versions. If you want no packet filtering,
create an 'Interface -> Any, Allow' rule for each configured interface. 

By default all administration has to be performed using HTTP/HTTPS on the LAN
interface. Sounds like in your scenario the LAN interface is going to be an
arbitrary description and you could do with being able to access the GUI
from all interfaces for convenience. I believe it is possible to configure
m0n0wall to allow access to the GUI from the other interfaces but I haven't
got any specific information on that. Probably something along the lines of
creating a rule allowing traffic on ports 80/443 from the interface that
has a destination of the LAN IP. I'm going to test this for myself later
but in the meantime can anybody confirm this?

>-----Original Message-----
>From: Instigater [mailto:bloo at sveiks dot lv]
>Sent: 25 February 2004 01:31
>To: M0n0wall
>Subject: Re: [m0n0wall] Public IP's on LAN
>I'm Instigter :-)
>I'm thinking of implementing m0n0 in a business environment. I work as
>techsupport at a local ISP. My boss is killing me with those different legacy
>BSD 4.7, 4.8 shaper, w/o shaper, disk and floppy versions. All I need is
>a simple and robust router, just like m0n0. Keeping one spare NIC for
>configuration purposes doesn't look like a good idea.
>----- Original Message ----- 
>From: "Hilton Travis" <Hilton at QuarkAV dot com>
>To: "M0n0wall" <m0n0wall at lists dot m0n0 dot ch>
>Sent: Wednesday, February 25, 2004 3:06 AM
>Subject: Re: [m0n0wall] Public IP's on LAN
>> Hi Instigator,
>> Bridging.
>> But why would you use a firewall if all you wanted to do was to disable
>> its firewalling functionality?
>> -- 
>> Regards,
>> Hilton Travis                   Phone: +61-(0)7-3343-3889
>> Manager, Quark AudioVisual      Phone: +61-(0)419-792-394
>>          Quark Computers         http://www.QuarkAV.com/
>> (Brisbane, Australia)            http://www.QuarkAV.net/
>> Open Source Projects: http://www.ares-desktop.org/
>> http://www.mamboband.org/
>> Non Linear Video Editing Solutions & Digital Audio Workstations
>>  Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
>>   Conference and Seminar AudioVisual Production and Recording
>> War doesn't determine who is right. War determines who is left.

Nunn Close
NG17 2HW

Web:	www.jetpress.com
Tel:	+44-1623-551 800
Fax: 	+44-1623-551 175