 From:  David Cook <david dot cook at jetpress dot com>
 To:  'Andy Ciordia' <andy dot ciordia at pgdc dot com>, M0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Trying to Grok, need an assist. (routeable+nonrouteable)
 Date:  Wed, 21 Apr 2004 08:11:51 +0100
Andy,

Is my assumption of the layout of your network correct?

Internet
  |
  |
  |
Router
  |
  |
  |
Firewall---NAT'd network
  |
  |
  |
Routed Network


>-----Original Message-----
>From: Andy Ciordia [mailto:andy dot ciordia at pgdc dot com]
>Sent: 20 April 2004 18:53
>To: David Cook
>Subject: Re: [m0n0wall] Trying to Grok, need an assist. (routeable+nonrouteable)
>
>
>David Cook wrote:
>> Andy,
>> 
>> I have addressed your queries below. From your description m0n0wall can do
>> everything you need. Let us know if you need any further explanation.
>> 
>
>Hi David and thanks for responding.  From your response I understand
>NAT, I see the reference to looking through the list for how groups may
>be done, but when I read the bit on static addressing, I didn't quite
>understand.
>
>Is that where I put my 208 class C block for routing?
>
>-a
>
>
>>>Problem:  I have a firewall that needs ASAP replacing, it's running
>>>SunScreen EFS.  I'm coming from a network that has had two functions.
>>>
>>>1. Class C routeable space that runs all of our production vehicles,
>>>accessed through group'd restrictions.
>>>2. Non-Routeable Nat'd User Space, with rules also applied.
>> 
>> 
>> Enable advanced outbound NAT on
>>
>> Firewall: NAT -> 'Outbound' tab
>>
>> Then configure NAT mappings as appropriate. Any network that NAT isn't
>> configured for will be routed instead. This is great for NATing RFC1918
>> addresses from behind a LAN interface and also routing public IPs on a DMZ
>> interface.
>> 
>> 
>>>I know the non-routeable space is an easy one, that's what most of these
>>>canned firewalls do best.  However, how do we handle the class C now?
>>>In m0n0wall is this what is considered a static route?
>>>
>> 
>> 
>> No, this is just the standard meaning for static routes.
>> 
>> 
>>>I also have seen that no (free) firewall solution is grouping
>>>servers/rules together. Can someone tuck that into a drawer for future
>>>ideas? (ie group all production ip's together and then make a rule for
>>>that group to say allow http/insert allowance/rejections here)
>> 
>> 
>> I seem to remember that this has been discussed favourably on the list
>> before. If you need further info you can do a search at
>> http://m0n0.ch/wall/list/.
>> 
>
>
>

JET PRESS LIMITED
Nunn Close
Huthwaite
Nottinghamshire
NG17 2HW
UK

Web:	www.jetpress.com
Tel:	+44-1623-551 800
Fax: 	+44-1623-551 175

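
The rule quoted in the thread above ("Any network that NAT isn't configured for will be routed instead") can be checked against a planned set of mappings before they are entered on the firewall. The following is an added example, not part of the original message and not m0n0wall code; it is a simplified model, and the interface names, the mapping list and the addresses (203.0.113.0/24 standing in for the routable class C) are constructed assumptions.

```python
import ipaddress

# RFC1918 ranges listed explicitly (ipaddress.is_private also covers other ranges).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: 203.0.113.0/24 stands in for the routable class C
# on a DMZ interface; the 192.168.x.x networks are the NAT'd user space.
INTERFACE_NETWORKS = {
    "LAN": "192.168.1.0/24",
    "LAN2": "192.168.2.0/24",
    "DMZ": "203.0.113.0/24",
}
# Hypothetical outbound NAT mappings: source networks translated on the WAN side.
NAT_MAPPINGS = ["192.168.1.0/24"]


def outbound_action(src_ip, mappings):
    """Return 'nat' if src_ip matches a mapping, else 'route' (untranslated)."""
    addr = ipaddress.ip_address(src_ip)
    if any(addr in ipaddress.ip_network(m) for m in mappings):
        return "nat"
    return "route"


def audit(interfaces, mappings):
    """Flag networks whose NAT-or-route outcome is probably unintended."""
    maps = [ipaddress.ip_network(m) for m in mappings]
    findings = []
    for name, cidr in sorted(interfaces.items()):
        net = ipaddress.ip_network(cidr)
        private = any(net.subnet_of(r) for r in RFC1918)
        covered = any(net.subnet_of(m) for m in maps)
        partial = not covered and any(net.overlaps(m) for m in maps)
        if private and not covered:
            # Private sources would leave the WAN with untranslated addresses.
            kind = "partially NAT'd" if partial else "routed un-NAT'd"
            findings.append((name, cidr, f"RFC1918 network {kind}"))
        elif not private and (covered or partial):
            # A routable block caught by a mapping loses its public addresses.
            findings.append((name, cidr, "public network is being NAT'd"))
    return findings


if __name__ == "__main__":
    for finding in audit(INTERFACE_NETWORKS, NAT_MAPPINGS):
        print(*finding, sep=": ")
```

With the sample data, LAN2 is reported because it has no mapping and would therefore be routed with its private source addresses intact.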