Topic: Multiple interfaces (four) - can m0n0wall do it  (Read 1652 times)
« on: April 22, 2009, 01:02:28 »
znelbok *
Posts: 3

Hi all

Here because I am told m0n0wall is a great easy product to configure, but I have some questions that I need answered first.

Here is what I am trying to achieve

three networks
local, remote 1 and remote 2
all have different IP ranges
all have own dedicated internet access.

I need to join all three together (routing) but not allow internet access via a remote network (i.e. local can't get to the internet via remote 1 or remote 2).

Why?
File sharing between the networks.  One is a long range wireless link, the other is next door.  The one next door I need access to every port I deem necessary for maintenance of hardware etc.  I will want to open the ports up as necessary.  The wireless link I only need file sharing (FTP? - details to be sorted out later)

So is this possible with m0n0wall?

If I get a PC with four NICs (Internet, local, Remote 1 and remote 2) can m0n0wall do the routing as I require?
I am only looking at this for my network (local)

Thanks

Mick
« Reply #1 on: April 22, 2009, 09:39:40 »
AndiSHFR *
Posts: 3

Hi.

I'm running a pfSense (based on M0n0) on two
machines with five interfaces each. (em0..em4).

I have plugged in two IntelPro DualPort cards.
This will give me five network interfaces (onboard + 2x 2).

Basically a M0n0 should do the job too, but I had to make a
failover solution, taking pfSense with the CARP support.

So I use the onboard NIC as a private link between the two firewalls
(CARP) and have 4 links for network connectivity.

Considering your network layout you have either to set up routes on each PC to the
desired "other network" or place routes on the default gateways of each network
pointing to your "huge number of interfaces" router.

At this point I had to learn that not all routers support routes which route
traffic on the same interface in and out (M0n0/pfSense can do that).


« Reply #2 on: April 22, 2009, 10:38:38 »
markb ****
Posts: 331

From your description are you indicating 3 different sites with 3 routers or 1 site with 3 networks?  My interpretation is the former.
If this is the case then your answer is yes and yet not quite.  With 3 m0n0wall boxes in 3 locations, you can get the networks talking to each other fairly easily with IPsec VPNs (2 on each box to the other office in a star config). The difficulty is getting the machines on the remote networks to go to the internet through the first site.  It is easy enough to block the traffic going out on the remote internet connections, but you are not going to be able to put a 0.0.0.0 route to go through the primary network.  I suggest using a proxy server like squid and routing all internet traffic through there.
« Reply #3 on: April 22, 2009, 12:19:35 »
znelbok *
Posts: 3

Thanks guys

markb, it is the latter, I will bring the other two networks to my location, with only m0n0 running here.  The other two locations will have routers but they are standard OTS routers.

So basically four networks are present in my rack, the local, two remote networks and the internet.

If the reverse is not possible unless a router like m0n0 is present at all locations then I'll have to go down that route with the others involved, although in their instance it is a little simpler in that there are only two remote networks (internet and mine).

As indicated each network has its own internet connection and they are not to be shared to the other remote networks.  I think this removes the difficulty you indicate.

If a diagram makes it easier I will put one together and post it.

Mick
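
The policy discussed in this thread (route between the three LANs on one four-interface box, but never give a remote network internet access through it), modeled as an added example that is not from any poster and is not m0n0wall's own configuration format. The subnets, port lists and the `classify`/`decide` helpers are assumptions made up for illustration; rules are treated as per-interface, first match wins, default block.

```python
import ipaddress

# Constructed addressing and ports; the thread gives no IP ranges or port lists.
NETS = {
    "local":   ipaddress.ip_network("192.168.1.0/24"),
    "remote1": ipaddress.ip_network("192.168.10.0/24"),  # network next door
    "remote2": ipaddress.ip_network("192.168.20.0/24"),  # long range wireless link
}

# (ingress interface, destination zone, allowed TCP ports or None for all, action)
# A destination zone is a key of NETS, or "internet" for anything outside them.
RULES = [
    ("local",   "remote1",  {22, 80, 443}, "pass"),  # maintenance ports, opened as needed
    ("local",   "remote2",  {21},          "pass"),  # FTP control only; data channel not modeled
    ("local",   "internet", None,          "pass"),  # local uses its own WAN link
    ("remote1", "local",    {21},          "pass"),  # file sharing towards local
    ("remote2", "local",    {21},          "pass"),
    # Deliberately no remote -> internet and no remote -> remote rule:
    # those packets reach the end of the list and are blocked.
]


def classify(dst):
    """Return the zone name a destination address falls in."""
    addr = ipaddress.ip_address(dst)
    for name, net in NETS.items():
        if addr in net:
            return name
    return "internet"


def decide(in_if, dst, port):
    """Evaluate rules for a new connection arriving on in_if; default is block."""
    zone = classify(dst)
    for rule_if, rule_dst, ports, action in RULES:
        if rule_if == in_if and rule_dst == zone and (ports is None or port in ports):
            return action
    return "block"


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for an internet host.
    for flow in [("local", "192.168.10.5", 22), ("local", "192.168.20.5", 22),
                 ("remote1", "203.0.113.10", 443), ("remote1", "192.168.20.5", 21)]:
        print(flow, "->", decide(*flow))
```

Because the pass rules name a destination network instead of "any", a host on a remote network that points its default route at this box still gets no internet access and cannot reach the other remote network.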

 