 From:  David Pierron <david at wombatsweb dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] What cables/What IP address?
 Date:  Wed, 07 Jul 2004 13:06:07 -0400
At 12:57 AM 07/07/2004, David Kitchens wrote:
>Hi David,
>Just yesterday, Richard put a plug for m0n0wall on his blog,
>www.dickmorrell.com/blog, he and I remain great friends but I no longer sell
>SW, m0n0 is MUCH better! :)
>
>Start with this,
>Router: x.x.x.1, crossover cable to m0n0 WAN: x.x.x.2

So I am grappling with 3 IP addresses ... WAN, LAN and gateway

The router's IP address is x.x.x.1 ... This is the current "gateway" 
address for all of my machines ...

Not doing NAT whatsoever, so I don't need 3 NICs ... Using all routable 
IP addresses all on the same C Class ...

If I specify the WAN address as x.x.x.2 and the LAN as x.x.x.3 leaving the 
gateway as x.x.x.1 ...

Do I then have to change all the machines in my network to point to x.x.x.2 
as the "new" gateway?

If this is the case, it would be easier to change the IP address of the 
router, yes?

>Here is where you can make a decision, use NAT or not. I've got to do about
>the same thing next week to my entire hosting operation, moving to new data
>center. DNS servers should have external addresses, web servers can have
>internal addresses unless you run some kind of control panel that doesn't
>agree with NAT. It's rather easy to set up windoze servers to use
>192.168.addrs, I'll be playing with external ip's next week for a few of my
>servers which will go behind m0n0.
>
>You didn't say if your switch is VLAN capable, if so you can use one switch
>for both live and internal addresses. Ideally, servers should be set in a
>DMZ apart from any workstations so a three NIC m0n0 is needed. I've seen up
>to 7 NIC's in m0n0 so several subnets can be accommodated. From m0n0 to the
>switch, regular cables are used. I've got Cisco gear myself, 2620 Router and
>Catalyst VLAN Switch so there could be some switch configuration needed as
>well. This could be why your setup did not come up, you had that port set as
>.2 on both m0n0 and switch.
>
>If you just have workstations, use a 2 NIC setup with NAT for your
>workstations, DHCP can be either on m0n0 or an internal server.
>
>Dave
>
> > -----Original Message-----
> > From: David Pierron [mailto:david at wombatsweb dot com]
> > Sent: Tuesday, July 06, 2004 8:16 PM
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: [m0n0wall] What cables/What IP address?
> >
> > I am new to m0n0wall ... I was looking for a FreeBSD
> > firewall, and this looked intriguing as the developer of
> > Smoothwall put his stamp of approval on it ...  I have two
> > main questions;
> >
> > 1.) What cables should be used to go from/to the interfaces?
> > 2.) What should the WAN IP address be?
> >
> > I do not use NAT or private network IPs, I have a C Class ...
> > A Cisco Router and Cisco Switches
> >
> > My Cisco Router's Serial interface (the T1) is defined as ip
> > address my.isp.ip.adr 255.255.255.252
> >
> > My Ethernet interface is defined as my.eth.net.1 255.255.255.0
> >
> > I have a xover cable coming from the router into the first
> > switch and we've been happy for years now ...
> >
> > - Now I want to upset all this harmony with a firewall -
> >
> > I burned a CD and inserted a floppy and I brought up the
> > m0n0wall I configured the WAN address with my.isp.ip.adr /31
> > the gateway with my.eth.net.1 and the m0n0wall as my.eth.net.2
> >
> > Pointing to http://my.eth.net.2 gets me into the web
> > interface, but when I pull the xover from the switch and put
> > it into the other Ethernet interface on the PC, it doesn't
> > work ...  I also tried a regular patch cable ...
> > couldn't get anything to fire up ...
> >
> > I then changed the WAN IP address to an unused IP address on
> > my network and plugged a patch into another Cisco switch port
> > and it fired up and the status under the Interfaces showed up
> > in the web administration ...
> >
> > Please .. some tips as to what cables to use, and how to put
> > this in my environment ... Cisco Router to Cisco Switches
> > using Real C Class IP addresses ...
> >
> > Do I have to change anything in the router?  I wouldn't think
> > so ...  The router has its WAN side IP that is my ISP's, and
> > I have my LAN side IP which is the .1 of my C Class ...
> >
> > This is where it gets confusing for me ... What is then the
> > LAN/WAN for the m0n0wall and am I correct that it goes
> > between the router and the switches?
> >
> > Thanks ...