I just discovered m0n0wall after a few years with smoothwall and ipcop. The
quality of the code is such that I'm now studying FreeBSD and its firewall.
I'm trying to replace a hand-made Linux-based firewall (based on firehol)
with a m0n0wall box. This is a 6 interface box with 2 WAN, 3 DMZ and 1 LAN
which is providing PPTP connectivity for road warriors + ipsec vpn with
The problem is the 2 WAN interfaces as I need some traffic to go out via a
cheap ADSL line, while other traffic must go out via a more expensive
(metered usage) HDSL line.
In theory, DMZA must go out from WAN (w/o nat whatever), while LAN-based
traffic should go out on the ADSL (OPTx) interface, after proper natting.
I'm at a loss on how to configure the static routing for this to happen.
Also I have another problem with Natting. That is, the current NAT
implementation works on Source/Destination couples. That is, I have to know
the destination of each packet to nat it.
On the contrary, I will need to NAT some traffic going out on a specific
interface, regardless of the destination. Is this possible?
PS: I'm working on a generic-pc hackers guide right now, as I don't have
access to a 4511 and think a generic development platform will buy more
developers than a custom hardware.... myself included :)