 
 From:  David Cook <david dot cook at jetpress dot com>
 To:  'Andy Ciordia' <andy dot ciordia at pgdc dot com>, "'m0n0wall at lists dot m0n0 dot ch'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Trying to Grok, need an assist. (routeable+nonrouteable)
 Date:  Tue, 20 Apr 2004 17:40:03 +0100
Andy,

I have addressed your queries below. From your description m0n0wall can do
everything you need. Let us know if you need any further explanation.

>-----Original Message-----
>From: Andy Ciordia [mailto:andy dot ciordia at pgdc dot com]
>Sent: 20 April 2004 15:52
>To: m0n0wall at lists dot m0n0 dot ch
>Subject: [m0n0wall] Trying to Grok, need an assist. (routeable+nonrouteable)
>
>
>
>Problem:  I have a firewall that needs ASAP replacing, it's running
>SunScreen EFS.  I'm coming from a network that has had two functions.
>
>1. Class C routeable space that runs all of our production vehicles, 
>accessed through group'd restrictions.
>2. Non-Routeable Nat'd User Space, with rules also applied.

Enable advanced outbound NAT on 

Firewall: NAT -> 'Outbound' tab

Then configure NAT mappings as appropriate. Any network that NAT isn't
configured for will be routed instead. This is great for NATing RFC1918
addresses from behind a LAN interface and also routing public IPs on a DMZ
interface.

>
>I know the non-routeable space is an easy one, that's what most of these
>canned firewalls do best.  However, how do we handle the class C now?
>In m0n0wall is this what is considered a static route?
>

No, this is just the standard meaning for static routes.

>I also have seen that no (free) firewall solution is grouping 
>servers/rules together. Can someone tuck that into a drawer for future 
>ideas? (ie group all production ip's together and then make a rule for 
>that group to say allow http/insert allowance/rejections here)

I seem to remember that this has been discussed favourably on the list
before. If you need further info you can do a search at
http://m0n0.ch/wall/list/.

>
>I've got m0n0 up and running but I can't just experiment on this while
>the day is running so I've got it hooked up to a hub of its own and am
>configuring from a laptop.  I don't feel like I've got the complete grok
>and any assistance that can be thrown on this would be appreciated.
>
>Thanks for the clue,
>
>-a

JET PRESS LIMITED
Nunn Close
Huthwaite
Nottinghamshire
NG17 2HW
UK

Web:	www.jetpress.com
Tel:	+44-1623-551 800
Fax: 	+44-1623-551 175


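The split described in the reply above (a source network with an outbound NAT mapping is translated, any other network is routed as-is) can be audited before the firewall goes live. The following is an added example, not part of the original e-mail and not m0n0wall code; the interface names and networks are constructed assumptions, with 198.51.100.0/24 standing in for the public class C.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (assumptions, not taken from the thread).
NAT_MAPPINGS = ["192.168.1.0/24"]      # source networks with an outbound NAT mapping
INTERNAL_NETS = {
    "LAN": "192.168.1.0/24",           # private, mapped
    "DMZ": "198.51.100.0/24",          # stands in for the public class C
    "LAB": "10.20.0.0/16",             # private, mapping forgotten
}


def classify(net_cidr, mappings):
    """Return 'nat', 'partial' or 'routed' for one source network."""
    net = ipaddress.ip_network(net_cidr)
    # Merge adjacent mappings so two /25s count as covering a /24.
    merged = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(m) for m in mappings))
    if any(net.subnet_of(m) for m in merged):
        return "nat"
    if any(net.overlaps(m) for m in merged):
        return "partial"
    return "routed"


def audit(internal, mappings):
    """Map each interface name to (action, verdict)."""
    report = {}
    for name, cidr in internal.items():
        action = classify(cidr, mappings)
        private = any(ipaddress.ip_network(cidr).subnet_of(r) for r in RFC1918)
        if private and action != "nat":
            verdict = "leak"    # RFC1918 source would leave untranslated
        elif not private and action != "routed":
            verdict = "check"   # public range is being translated
        else:
            verdict = "ok"
        report[name] = (action, verdict)
    return report


if __name__ == "__main__":
    for name, (action, verdict) in audit(INTERNAL_NETS, NAT_MAPPINGS).items():
        print(f"{name:4} {INTERNAL_NETS[name]:18} {action:8} {verdict}")
```

A "leak" verdict marks a private network that would be routed out untranslated because no mapping covers it; "check" marks a public range that is being translated instead of routed.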