Topic: M0n0 as Static Router  (Read 2625 times)
« on: August 11, 2008, 15:37:05 »
colaweiss *
Posts: 4

Hello,

Is it possible to use M0n0 as a "Router"?

I have to route public subnets for web services...

In my router there are 4 GBit PCI express Interfaces...

1. "WAN" -> Transport Subnet from my internet Provider
2. LAN -> Private Subnet 10.0.0.0/24 (Management etc.) with NAT
3. "OPT" -> Interface Servers (Public Network)
4. "OPT" -> Interface Customers Servers (Public Network)

83.*.128.57/30 ---> M0n0(83.*.128.58/30) -|
                                          --> LAN 10.0.0.0/24
                                          --> Servers Public NET 83.*.131.0/25
                                          --> Customer Public NET 83.*.132.0/24
« Reply #1 on: August 19, 2008, 10:25:08 »
markb ****
Posts: 331

Absolutely.  As long as your service provider is routing the two public subnets to the external IP address of your Mono box it will route. You will need to change your NAT configuration.  Choose advanced NAT and create a NAT rule for your LAN interface, but not your OPT interfaces.
« Reply #2 on: August 19, 2008, 11:22:14 »
colaweiss *
Posts: 4

Thanks,

My service provider will route my networks to my transfer net address.

do you mean ->
Enable advanced outbound NAT (......With advanced outbound NAT disabled, a mapping is automatically created for each interface's subnet (except WAN) and any mappings specified below will be ignored.  ......)

thx for help!!
« Reply #3 on: August 20, 2008, 10:20:12 »
markb ****
Posts: 331

do you mean ->
Enable advanced outbound NAT (......With advanced outbound NAT disabled, a mapping is automatically created for each interface's subnet (except WAN) and any mappings specified below will be ignored.  ......)
Yes, this is basically it.  This page in the handbook explains it better than I could.
« Reply #4 on: August 30, 2008, 04:04:50 »
colaweiss *
Posts: 4

Hey Mark,

please help me a second time,

I started my router at night,
everything's looking OK....
but Smokeping in the OPT network reports 90% packet loss, starting @ the network OPT interface (maybe a Smokeping bug or a m0n0 config bug)

at the moment i have enabled 3 Interfaces
- Wan (transport network)
- LAN (10.0.1.0/24 no active NAT)
- OPT1 (83.164.131.0/25)

Since I enabled advanced outbound NAT it works without static routes.....
Is this OKAY without static routes???
Maybe possible if I enable OPT2 and the other networks??

Outside:
  6    11 ms     9 ms    10 ms  r1-v04.core.lnz.net.lagis.at [83.164.129.2]
  7     9 ms    10 ms    10 ms  gw0.buchhas.cust.net.lagis.at [83.164.128.58]
  8    10 ms    11 ms    11 ms  83.164.131.50
 
Inside:

 1  83.164.131.1 (83.164.131.1)  1.638 ms  0.486 ms  2.134 ms
 2  r1-v19.acc.lnz.net.lagis.at (83.164.128.57)  1.698 ms  2.615 ms  1.750 ms
 3  r0-v04.core.lnz.net.lagis.at (83.164.129.1)  2.915 ms  1.317 ms  3.078 ms


My Hardware is a Xeon 2,8 with 2x Onboard INTEL PT1000, 1x Dual Intel PT1000 Server Card PCI-Express, CPU Load is 3% and Network load ~ 50mbit @ WAN
« Last Edit: August 30, 2008, 04:15:35 by colaweiss »
« Reply #5 on: September 01, 2008, 10:33:05 »
markb ****
Posts: 331

Hi,
You shouldn't need any static routes, as your Mono box knows where to go for all the subnets you have.  You will need to have a NAT rule for your LAN though: as you are using a private address range, the rest of the internet will not know how to get back to you when you try to get out, and the only destination that you will be able to get to is your OPT subnet.  On the outbound NAT page, add a rule with the interface WAN (you want the NAT to happen when the traffic exits this interface), Source is 10.0.1.1/24 (your LAN segment), Destination Any, Target Blank, no disable port mapping, and give it a descriptive name, i.e. LAN NAT.

Once you have this set up, you then need to look at rules.  I would suggest that, to start with, for testing purposes you have any - any set up on the OPT and LAN interfaces and a block all on the WAN.  This way you can check your outbound connectivity without worrying about intrusions; then, when you are happy that this is working, you can start opening up the ports you require to your OPT segment.

I have just run some pings on your OPT and WAN interfaces on the IPs you PM'd me and I get no packet loss and latency of less than 60ms.  Looks good.
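
Added example, not part of the thread and not m0n0wall code: a small Python model of the outbound NAT behaviour discussed in the replies above, reporting for each interface subnet whether it would be translated on WAN egress. The `INTERFACES` layout and the function names are assumptions of this sketch; the addresses are the ones posted in the thread.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample using the addresses from the thread. The dict layout
# is an assumption for this sketch, not m0n0wall's configuration format.
INTERFACES = {"LAN": "10.0.1.0/24", "OPT1": "83.164.131.0/25"}

def effective_nat_sources(interfaces, advanced, manual_rules):
    """Source networks translated on WAN egress.

    Advanced outbound NAT disabled: one automatic mapping per non-WAN
    interface subnet, manual rules ignored. Enabled: manual rules only.
    """
    chosen = manual_rules if advanced else interfaces.values()
    # strict=False accepts a host address such as 10.0.1.1/24
    return [ipaddress.ip_network(c, strict=False) for c in chosen]

def audit(interfaces, advanced, manual_rules=()):
    """Return {interface: finding} for each non-WAN interface subnet."""
    nat = effective_nat_sources(interfaces, advanced, manual_rules)
    report = {}
    for name, cidr in interfaces.items():
        net = ipaddress.ip_network(cidr, strict=False)
        private = any(net.subnet_of(p) for p in RFC1918)
        covered = any(net.subnet_of(r) for r in nat)
        partial = not covered and any(net.overlaps(r) for r in nat)
        if partial:
            report[name] = "FIX: NAT rule covers only part of the subnet"
        elif private and not covered:
            report[name] = "FIX: private source leaves WAN untranslated"
        elif not private and covered:
            report[name] = "FIX: routed public subnet is being NATed"
        else:
            report[name] = "ok: NAT" if covered else "ok: routed"
    return report

if __name__ == "__main__":
    for label, args in [("automatic", (False,)),
                        ("advanced, no rules", (True,)),
                        ("advanced, LAN rule", (True, ["10.0.1.1/24"]))]:
        print(label, audit(INTERFACES, *args))
```
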
« Reply #6 on: September 01, 2008, 10:39:17 »
colaweiss *
Posts: 4

Thx,

I have a 48-port 1000mbit switch. @ start I plugged all ports into one switch without VLANs / segments; since I have "split" it on the switch, loss is ZERO

but @ packetsize = 5000 / 20 pings, loss starts again on any interface...
maybe M0n0 discovered a DoS attack and denies?
 