 From:  "David Kitchens" <spider at webweaver dot com>
 To:  "'David Pierron'" <david at wombatsweb dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] What cables/What IP address?
 Date:  Wed, 7 Jul 2004 00:57:19 -0400
Hi David,
Just yesterday, Richard put a plug for m0n0wall on his blog,
www.dickmorrell.com/blog, he and I remain great friends but I no longer sell
SW, m0n0 is MUCH better! :)

Start with this,

Router: x.x.x.1, crossover cable to m0n0 WAN: x.x.x.2

Here is where you can make a decision, use NAT or not. I've got to do about
the same thing next week to my entire hosting operation, moving to new data
center. DNS servers should have external addresses, web servers can have
internal addresses unless you run some kind of control panel that doesn't
agree with NAT. It's rather easy to set up windoze servers to use
192.168.addrs, I'll be playing with external IPs next week for a few of my
servers which will go behind m0n0.  

You didn't say if your switch is VLAN capable, if so you can use one switch
for both live and internal addresses. Ideally, servers should be set in a
DMZ apart from any workstations so a three NIC m0n0 is needed. I've seen up
to 7 NICs in m0n0 so several subnets can be accommodated. From m0n0 to the
switch, regular cables are used. I've got Cisco gear myself, 2620 Router and
Catalyst VLAN Switch so there could be some switch configuration needed as
well. This could be why your setup did not come up, you had that port set as
.2 on both m0n0 and switch. 

If you just have workstations, use a 2 NIC setup with NAT for your
workstations, DHCP can be either on m0n0 or an internal server.


> -----Original Message-----
> From: David Pierron [mailto:david at wombatsweb dot com] 
> Sent: Tuesday, July 06, 2004 8:16 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] What cables/What IP address?
> I am new to m0n0wall ... I was looking for a FreeBSD 
> firewall, and this looked intriguing as the developer of 
> Smoothwall put his stamp of approval on it ...  I have two 
> main questions;
> 1.) What cables should be used to go from/to the interfaces?
> 2.) What should the WAN IP address be?
> I do not use NAT or private network IPs, I have a C Class ... 
> A Cisco Router and Cisco Switches
> My Cisco Router's Serial interface (the T1) is defined as ip 
> address my.isp.ip.adr
> My Ethernet interface is defined as my.eth.net.1
> I have a xover cable coming from the router into the first 
> switch and we've been happy for years now ...
> - Now I want to upset all this harmony with a firewall -
> I burned a CD and inserted a floppy and I brought up the 
> m0n0wall I configured the WAN address with my.isp.ip.adr /31 
> the gateway with my.eth.net.1 and the m0n0wall as my.eth.net.2
> Pointing to http://my.eth.net.2 gets me into the web 
> interface, but when I pull the xover from the switch and put 
> it into the other Ethernet interface on the PC, it doesn't 
> work ...  I also tried a regular patch cable ... 
> couldn't get anything to fire up ...
> I then change the WAN IP address to an unused IP address on 
> my network and plugged a patch into another Cisco switch port 
> and it fired up and the status under the Interfaces showed up 
> in the web administration ...
> Please .. some tips as to what cables to use, and how to put 
> this in my environment ... Cisco Router to Cisco Switches 
> using Real C Class IP addresses ...
> Do I have to change anything in the router?  I wouldn't think 
> so ...  The router has its WAN side IP that is my ISP's, and 
> I have my LAN side IP which is the .1 of my C Class ...
> This is where it gets confusing for me ... What is then the 
> LAN/WAN for the m0n0wall and am I correct that it goes 
> between the router and the switches?
> Thanks ...