 From:  Joe Lagreca <lagreca at gmail dot com>
 To:  Bryan Brayton <bryan at sonicburst dot net>
 Cc:  Fred Wright <fw at well dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Re: [m0n0wall] How to subnet OPT1 and still offer DHCP for each subnet?
 Date:  Thu, 19 Aug 2004 22:25:32 -0700
Bryan,

I'm sorry for the confusion, I may have thrown a few ideas around at
once.  However my goal the whole time has been to try and prevent a
NAT behind another NAT.

My m0n0 will be doing a NAT for OPT1, and all my clients will hang off
of that.  If I subnet OPT1 I believe I can prevent a NAT behind NAT
situation.

The easiest situation would have been to assign each client an
internal IP address, and then do a NAT on that to create their own
private internal network.

I was just afraid of any support issues with NAT behind NAT, thinking
that some things may not work correctly.  If I go with subnetting, it
will eliminate any of those problems.

I hope I make more sense now.

BTW, I will be using Linksys WRT54G's at my main AP and also at the
client end.  They are running Sveasoft firmware, which supports OSPF
routing.  However that is a whole new ball game that I'm not sure I
wanna get into right now.


On Thu, 19 Aug 2004 21:56:21 -0400, Bryan Brayton <bryan at sonicburst dot net> wrote:
> Maybe I'm missing something here, but didn't Joe have client routers in
> the mix?
> 
> So without IP aliases, but with static routes on the m0n0 on the LAN (or
> OPT or whatever) pointing at the various internal routers, wouldn't this
> work:
> 
>    WAN
>     |
> Joe's M0n0 box
>     |
>    LAN 10.1.0.1/24
>     |
>     |
>     |----------------------------------------
>     |                                       |
> Client 1 Router WAN 10.1.0.2/24          Client 2 Router WAN 10.1.0.3/24
>     |   (default rt 10.1.0.1)               |    (default rt 10.1.0.1)
>     |                                       |
> Client 1 Router                          Client 2 Router
>     |                                       |
> Client 1 Router LAN 10.1.1.1/24          Client 2 Router LAN 10.1.2.1/24
>     |                                       |
>     |                                       |
>     |                                       |
>     |                                       |
> Client 1 LAN (default gw 10.1.1.1)       Client 2 LAN (default gw 10.1.2.1)
> 
> If dynamic routing was supported, you wouldn't have to manually enter
> the routes.  You will need firewalling on the client routers to prevent
> inter-client communication.
> 
> Correct me if I'm wrong.  I'm sure I'll regret that :)
> 
> -Bryan
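
Added example, not part of either message in this thread: a Python model of the routed (no second NAT) layout in the diagram above, deriving the static routes the m0n0 box needs, the next hop it would pick, and the drop rules each client router needs to block inter-client traffic. The addresses are the ones in the diagram; the function names, data layout and rule tuples are assumptions of this example, not m0n0wall configuration syntax.

```python
import ipaddress as ip

# Addresses come from the diagram in the thread; the data layout is this example's own.
TRANSIT = ip.ip_network("10.1.0.0/24")  # segment behind the m0n0 box (10.1.0.1)
CLIENTS = {
    "client1": {"wan": ip.ip_address("10.1.0.2"), "lan": ip.ip_network("10.1.1.0/24")},
    "client2": {"wan": ip.ip_address("10.1.0.3"), "lan": ip.ip_network("10.1.2.0/24")},
}

def static_routes(clients, transit):
    """One static route per client LAN, via that client's router on the transit segment."""
    routes, seen = [], [transit]
    for name, c in clients.items():
        if c["wan"] not in transit:
            raise ValueError(f"{name}: gateway {c['wan']} is not on {transit}")
        if any(net.overlaps(c["lan"]) for net in seen):
            raise ValueError(f"{name}: {c['lan']} overlaps an existing subnet")
        seen.append(c["lan"])
        routes.append((c["lan"], c["wan"]))
    return routes

def next_hop(routes, transit, dst):
    """Longest-prefix match; 'direct' = on-link, None = falls to the default route (WAN)."""
    dst = ip.ip_address(dst)
    if dst in transit:
        return "direct"
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    return str(max(matches, key=lambda m: m[0].prefixlen)[1])

def isolation_rules(clients, name):
    """Drop rules for one client router's WAN side: traffic sourced from other clients."""
    own = str(clients[name]["lan"])
    rules = []
    for other, c in clients.items():
        if other != name:
            rules.append((str(c["lan"]), own, "drop"))  # other client's routed LAN
            rules.append((str(c["wan"]), own, "drop"))  # other client's router itself
    return rules

if __name__ == "__main__":
    routes = static_routes(CLIENTS, TRANSIT)
    for net, gw in routes:
        print(f"route {net} via {gw}")
    print("10.1.1.50 ->", next_hop(routes, TRANSIT, "10.1.1.50"))
    print("client1 rules:", isolation_rules(CLIENTS, "client1"))
```

With an empty route table, next_hop() returns None for 10.1.1.50, which is the case the static routes exist to prevent: replies to a client LAN would follow the default route out the WAN.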