 
 From:  "JHead" <joggelichopf at hotmail dot com>
 To:  <aeon at ultra dot cto dot us dot edu dot pl>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] VMWare, Zywall and IPSec
 Date:  Tue, 9 Mar 2004 19:27:02 +0100
Hi Radek

The setup I use looks as follows:

                VMNet2/PhysicalOPT1
                         |
VMNet3/PhysicalWAN- BASE MACHINE -PhysicalLAN/VMNet4

Furthermore, just one of the physical interfaces has an IP address assigned
for managing the VMWare. The other interfaces are firewalled/disabled. Each
MONO assigns its own IP addresses to the respective interfaces. On the three
cables all subnets are 'neighbours' but at their ends I use a switch to
partition the traffic. The solution isn't 100% secure but realizable with a
small budget.

--raffi




-----Original Message-----
From: aeon at ultra dot cto dot us dot edu dot pl [mailto:aeon at ultra dot cto dot us dot edu dot pl] 

To: m0n0wall at lists dot m0n0 dot ch; joggelichopf at hotmail dot com
Subject: Re: [m0n0wall] VMWare, Zywall and IPSec



Hi, I was thinking about setting up two m0n0 on one comp running
VirtualMachine. Could you send me some info on that?
As my network grows I need to use a second 1Mbit ADSL link for new users.
Due to the lack of multiple WAN in m0n0, one comp with VM is a great
solution. I wonder if I would be able to set it up to use one LAN interface
to serve two subnets (ie. 10.0.0.0/255.255.255.128 and 10.0.0.129/255...128
on one physical network) and every subnet to have a different WAN (ie. adsl A
and adsl B, each connected to its own NIC), each on a separate VM mono.

TIA

Radek Krupa 

-----Original Message-----
From: JHead [mailto:joggelichopf at hotmail dot com]
Sent: Tuesday, March 09, 2004 2:05 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] VMWare, Zywall and IPSec

Hi
I just got in touch with m0n0wall and I'm completely amazed! We use it to
protect an ASP Solution. On one physical machine, multiple M0N0s are running
in VMWare machines. It's working very well so far and I can just recommend
this solution for everybody who is looking for a simple firewall that needs
to be 'stackable' for multiple customers. If anybody is interested in more
detail, I'm reachable!

But even if 99% of our solution is working very fine I'm still having some
troubles with one thing. Does anybody have experience with the combination
of a Monowall (fixed IP) and a Zywall (dyndns client) using LAN to LAN VPN?
Actually I'm not very experienced with IPSec and my little hope is to find
somebody here who has already realized our future configuration and can give
me a hint. I really don't understand the parameters in the IPSec
Configuration on both sides so that I can create a match between these two
boxes.

Here's the desired setup

OPT1 (10.1.1.0/24) -> MONOWALL -> WAN (fixed IP) --> Zywall -> Remote LAN (10.1.2.0/24)

Rules:
OPT1 to Remote LAN (Port 9002)

Thanx a lot
--raffi

