Topic: monowal to router
« on: May 14, 2009, 13:17:20 »
Crypt *
Posts: 2

OK, I have been asked to look after a network for a small bookstore.  They had someone come in and set up their network, and I found some issues with it.  The store at the moment has a DSL modem connected to a D-Link router.  The D-Link router acts as both their NAT and their wireless hotspot.  I wanted to put in a firewall between the router and the internal network so people wouldn't be able to hack into their systems.  I took an old system I had around, installed m0n0wall on it, and installed it into their network.  I am unable to get m0n0wall and the router to talk.  I had set m0n0wall with a static IP and had the WAN pointed to the router.  When I connected a computer to the LAN, I was unable to get to the internet.  Is this possible to do, or do I have to change the network altogether and have m0n0wall with a DMZ that I connect the router to?
« Reply #1 on: May 14, 2009, 15:46:55 »
knightmb ****
Posts: 341

This is what you would want then.

DSL -> D-Link -> m0n0wall -> Internal LAN

m0n0wall WAN is connected to the D-Link LAN, then m0n0wall LAN IP range is changed to be +1 of the D-Link LAN range.

That will allow the Internal LAN access to the Internet (yes double NAT is poor, but unless you have an extra NIC card for m0n0wall to create a second LAN, it's all you can do)

Disable the "Block private networks" for the WAN since it will lie in the non-routable range.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #2 on: May 15, 2009, 13:39:53 »
Crypt *
Posts: 2

Hmm... So if the IP for the router is 192.168.90.1, have the firewall set to 192.168.90.2?  Also, will disabling private networks keep the two networks separate and each protected?
« Reply #3 on: May 15, 2009, 15:54:46 »
knightmb ****
Posts: 341

Quote from: Crypt
Hmm... So if the IP for the router is 192.168.90.1, have the firewall set to 192.168.90.2?  Also, will disabling private networks keep the two networks separate and each protected?

Then the DSL would be one address (example, 129.1.1.1), your D-Link LAN would be the 192.168.90.1, m0n0wall WAN can DHCP a 192.168.90.2 from D-Link, then the m0n0wall LAN could be set for 192.168.91.1 and DHCP out that range for your Internal LAN.

Technically, the wireless clients would not have access to m0n0wall or any clients behind m0n0wall, but the m0n0wall clients would be able to access the wireless clients (one way access). If you want to completely cut off any communication between the two network segments, create a firewall in m0n0wall that doesn't allow the one way access to any wireless clients (just the gateway, the D-Link in this case) and you'll have what you want to achieve.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
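
Added example, not part of the original posts and not m0n0wall's own code: a Python model of the addressing plan from Reply #3 and of a LAN rule set that permits only the D-Link gateway on the wireless segment. The /24 masks, the rule list, the first-match evaluation order and the sample hosts are assumptions made for illustration.

```python
import ipaddress

# Addressing plan from Reply #3; the /24 masks are assumptions.
DLINK_LAN = ipaddress.ip_network("192.168.90.0/24")
DLINK_GW = ipaddress.ip_address("192.168.90.1")
M0N0_WAN = ipaddress.ip_address("192.168.90.2")
M0N0_LAN = ipaddress.ip_network("192.168.91.0/24")

# Hypothetical rules for the m0n0wall LAN interface, in order.
# Assumption: the first matching rule decides.
LAN_RULES = [
    ("pass", ipaddress.ip_network("192.168.90.1/32")),  # the D-Link itself (e.g. DNS)
    ("block", DLINK_LAN),                                # every other wireless-side host
    ("pass", ipaddress.ip_network("0.0.0.0/0")),         # everything else: the Internet
]

def plan_problems():
    """Return a list of problems with the addressing plan (empty if sound)."""
    problems = []
    if M0N0_LAN.overlaps(DLINK_LAN):
        problems.append("m0n0wall LAN overlaps the D-Link LAN, so routing breaks")
    if M0N0_WAN not in DLINK_LAN or M0N0_WAN == DLINK_GW:
        problems.append("m0n0wall WAN must be a free address on the D-Link LAN")
    return problems

def wan_needs_private_unblocked():
    """True when the WAN address is private, so 'Block private networks' must be off."""
    return M0N0_WAN.is_private

def lan_decision(src, dst):
    """Decide a packet arriving on the LAN interface; unmatched traffic is blocked."""
    if ipaddress.ip_address(src) not in M0N0_LAN:
        return "block"  # not sourced from the internal LAN
    dst = ipaddress.ip_address(dst)
    for action, net in LAN_RULES:
        if dst in net:
            return action
    return "block"

if __name__ == "__main__":
    print(plan_problems(), wan_needs_private_unblocked())
    # Constructed sample destinations: gateway, a wireless client, an Internet host.
    for dst in ("192.168.90.1", "192.168.90.50", "198.51.100.7"):
        print(dst, lan_decision("192.168.91.20", dst))
```

Swapping the first two rules makes the block rule match the gateway too, which is why the gateway exception has to sit above the subnet-wide block.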
 