 From:  "C. Falconer" <cfalconer at avonside dot school dot nz>
 To:  'Huub Reuver' <h underscore reuver at mantell dot xs4all dot nl>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] many problems with... - could somebody please clear this?
 Date:  Wed, 26 May 2004 19:30:03 +1200
I thought the speedtouch (at least the old speedtouch home I used to have)
had PPTP functionality.

So that the external IP could be given to the NIC that the speedtouch is
plugged into.

-----Original Message-----
From: Huub Reuver [mailto:h underscore reuver at mantell dot xs4all dot nl] 
Sent: Wednesday, 26 May 2004 7:11 p.m.
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] many problems with... - could somebody please clear
this?


On Tue, May 25, 2004 at 09:20:32PM -0400, David Kitchens wrote:
> Ubi,
> Sometimes the message gets lost in the complexity of the question, 
> lol. Me not having a clue what sip-spoof was till googling a min ago, 
> didn't help either. I don't know why you would need both Speedtouch 
> devices AND the monowall but here is my assumption.

In short: same problem here.
setup 1: monowall connecting with PPTP to speedtouch. Would not know what
remote IP I should use.
setup 2: monowall NATing and speedtouch NATing. One way to make sure that
everything you could make to work through the firewall that comes close to
connection tracking will fail (active ftp and such).
setup 3: set up the monowall to remain silent and bridge anything. One way
to do it you need sip-spoof and a weird broadcast/netmask. Monowall is using
the realworld external IP directly.

Setup2 is working, but won't make me happy. Setup 1 or 3 should work if I
only knew how... It is almost enough to replace monowall.

>  Since monowall does not know how to use
> sip-spoof, you will likely need to get your connection to the web 
> using one or both of the speedtouch devices. Turn off most of the 
> functions in those things, you don't want any firewalling there as you 
> said. Once you have a working connection to the world, put any 
> internal ip, ie: 10.0.0.1, on the lan side of that device. You can 
> then either set your monowall wan ip to 10.0.0.2 with dns from the isp 
> or use dhcp on the lan of the speedtouch to give the appropriate info 
> to the wan of mono. The mono wan gateway will be the lan of the 
> speedtouch.

Do you mean to say "forget about stuff like active ftp, a passive ftp server
behind the monowall router, irc and msn functionality through monowall"?

> Then configure the monowall with any firewall
> rules you want. You should never have to make use of exec.php to set 
> routes, to make any change that you want on reboot, you would have to 
> make a custom image that has your changes.

If you want to change monowall to see if it is possible to make it work you
will want to know if you can set the network using ifconfig/route. It seems
like it will never work with FreeBSD 4.9 from what I tried last Friday. But
YMMV.

Double NAT seems the source for many problems to me...
Some kind of p2p connection to an unknown external IP address?

With regards,
Huub Reuver
