 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  GD Incorporation <golddragoninc at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Can I use m0n0wall to merge 2 networks with different subnet?
 Date:  Sun, 04 Dec 2011 09:18:51 -0600
On 12/04/2011 05:21 AM, GD Incorporation wrote:
> Hi Lee, the IP Tunneling is out of the question since I need performance.
> Security is no issue. When you said adding NIC to firewall A, do you mean
> the Firewall A have 3 NICs? Would this be the correct picture you mentioned?
> The wireless antenna only works as a bridge.

Yes.  And the wireless would still work, I just never trust wireless for 
anything important.

> Would the settings below work to make both companies communicate as if they
> are in the same location? If not please tell me what would work. So far, I
> am able to make all devices behind Firewall B to contact all devices behind
> Firewall A (including internet) successfully and no problems at all, but not
> the other way around. Any devices behind firewall A cannot access any
> devices behind Firewall B

You need routes and rules.  And IPs that can see each other.

> (PS: all firewalls are running m0n0wall)
> Firewall A:
> Nic 1: WAN 118.x.x.x / 29
> Nic 2: LAN 192.168.0.5 / 16
> Nic 3: Bridge to FW A??? 10.0.0.2 / 24
Nic 3: Bridge to FW B 192.169.0.6/16
> Add Static Route for 192.169.x.x/16 to point to gateway 192.169.0.5???
Should not be needed.  With Nic 3 being on 192.169.0.6/16, you have a route.


> Firewall B
> Nic 1: WAN 10.0.0.50 / 24 -->  Treat this as bridge?
> Nic 2: LAN 192.169.0.5 / 16
> Add Static Route for 192.168.x.x to point to gateway 192.168.0.5???
Add Static Route for 192.168.0.0/16 to point to gateway 192.169.0.6
> Then set all the users in company B with 192.169.x.x /16 with gateway and
> dns to 192.168.0.5? For Internet sharing.
DO NOT TOUCH THE USERS!  Handle all routes in the firewall.  You will 
also need firewall rules in each segment allowing traffic on FW A.

What will happen.  User on firewall A wants to go to user on firewall B.
It will go to the default route of 192.168.0.5 and be routed to
192.169.0.6, and on to the user.

User on firewall B wants to go to user on firewall A.  It will go to the 
default route of 192.169.0.5 and be routed to 192.169.0.6, and on to the 
user.

Does this help?

			Lee
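
The packet paths described in the message above, as an added example that is not part of the original email: a small longest-prefix-match trace over the two firewalls' tables, including what happens when the static route on Firewall B is missing. The host addresses 192.168.1.10 and 192.169.1.10 are constructed; WAN interfaces, default routes and firewall rules are not modeled.

```python
import copy
import ipaddress as ip

# Tables built from the addresses in the message above. Each route is
# (destination network, next hop), with None meaning directly connected.
# WAN interfaces and default routes are left out of this model.
ROUTERS = {
    "FW A": {"addrs": ["192.168.0.5", "192.169.0.6"],
             "routes": [("192.168.0.0/16", None),    # Nic 2, LAN
                        ("192.169.0.0/16", None)]},  # Nic 3, connected
    "FW B": {"addrs": ["192.169.0.5"],
             "routes": [("192.169.0.0/16", None),             # Nic 2, LAN
                        ("192.168.0.0/16", "192.169.0.6")]},  # static route
}

def lookup(routes, dst):
    """Longest-prefix match. Returns (network, next_hop) or None if no route."""
    hits = [(ip.ip_network(net), hop) for net, hop in routes
            if ip.ip_address(dst) in ip.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def trace(src, gateway, dst, routers=ROUTERS, max_hops=8):
    """Return the hops a packet takes from src (default gateway given) to dst."""
    path, hop = [src], gateway
    for _ in range(max_hops):
        name = next((n for n, r in routers.items() if hop in r["addrs"]), None)
        if name is None:
            return path + [f"{hop} is not a known router"]
        path.append(f"{name} ({hop})")
        match = lookup(routers[name]["routes"], dst)
        if match is None:
            return path + ["no route"]
        if match[1] is None:          # destination is on a connected segment
            return path + [dst]
        hop = match[1]                # forward to the next-hop router
    return path + ["hop limit reached"]

# Constructed sample hosts, one behind each firewall.
HOST_A, HOST_B = "192.168.1.10", "192.169.1.10"

def no_static_route_on_b():
    """Same tables with FW B's static route removed."""
    broken = copy.deepcopy(ROUTERS)
    broken["FW B"]["routes"] = [r for r in broken["FW B"]["routes"] if r[1] is None]
    return broken

if __name__ == "__main__":
    print(" -> ".join(trace(HOST_A, "192.168.0.5", HOST_B)))
    print(" -> ".join(trace(HOST_B, "192.169.0.5", HOST_A)))
    print(" -> ".join(trace(HOST_B, "192.169.0.5", HOST_A, no_static_route_on_b())))
```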