 From:  h underscore reuver at mantell dot xs4all dot nl (Huub Reuver)
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] many problems with... - could somebody please clear this?
 Date:  Wed, 26 May 2004 09:10:39 +0200
On Tue, May 25, 2004 at 09:20:32PM -0400, David Kitchens wrote:
> Ubi,
> Sometimes the message gets lost in the complexity of the question, lol. Me
> not having a clue what sip-spoof was till googling a min ago, didn't help
> either. I don't know why you would need both Speedtouch devices AND the
> monowall but here is my assumption.

In short: same problem here.
setup 1: monowall connecting with PPTP to speedtouch. Would not know what
remote IP I should use.
setup 2: monowall NATing and speedtouch NATing. One way to make sure that
everything you could make to work through the firewall that comes close to
connection tracking will fail (active ftp and such)
setup 3: setup the monowall to remain silent and bridge anything. One way
to do it you need sip-spoof and a weird broadcast/netmask. Monowall is using
the realworld external IP directly.

Setup 2 is working, but won't make me happy. Setup 1 or 3 should work if
I only knew how...
It is almost enough to replace monowall.

>  Since monowall does not know how to use
> sip-spoof, you will likely need to get your connection to the web using one
> or both of the speedtouch devices. Turn off most of the functions in those
> things, you don't want any firewalling there as you said. Once you have a
> working connection to the world, put any internal ip, ie: 10.0.0.1, on the
> lan side of that device. You can then either set your monowall wan ip to
> 10.0.0.2 with dns from the isp or use dhcp on the lan of the speedtouch to
> give the appropriate info to the wan of mono. The mono wan gateway will be
> the lan of the speedtouch.

Do you mean to say "forget about stuff like active ftp, a passive ftp server
behind the monowall router, irc and msn functionality through monowall"?

> Then configure the monowall with any firewall
> rules you want. You should never have to make use of exec.php to set routes,
> to make any change that you want on reboot, you would have to make a custom
> image that has your changes. 

If you want to change monowall to see if it is possible to make it work
you will want to know if you can set the network using ifconfig/route.
It seems like it will never work with FreeBSD 4.9 from what I tried last
Friday. But YMMV.

Double NAT seems the source for many problems to me...
Some kind of p2p connection to an unknown external IP address?

With regards,
Huub Reuver