Topic: m0n0wall as a virtual router - my config works, but have some questions...?  (Read 1704 times)
« on: October 08, 2013, 17:34:31 »
BenH *
Posts: 1

I was using FREESCO as my routing appliance, but couldn't get dhcrelay working on it properly, so I downloaded and configured m0n0wall as a replacement.
FREESCO allows itself to be set up in just an Ethernet routing mode (no WAN interface per se), but m0n0wall, as a "firewall", works a bit differently.

Anyway, I have set up my m0n0wall and everything is working in under 30 minutes.  I couldn't find a guide for exactly what I wanted to do, so I just went through the interface myself and set things up the way I *think* they should be.

I'm a bit confused as to why some of it is working, and wanted some guidance on whether I set things up the *right* way:

Here is a quick visualization of my network:

                (  Physical Router  )            (  Virtual m0n0wall  )
INTERNET <--->  10.10.10.1 <---->\------------> 10.10.10.254  (LAN)
                                  \------------> 172.23.0.254  (OPT1)
                                  \------------> 172.23.10.254 (OPT2)

Clarifying Details:
- Network (all 24 bit masks):
- 10.10.10.0 - Physical network using a physical ISP router at 10.10.10.1 to route to the Internet.
- Router is configured with static route 172.23.0.0/16 to 10.10.10.254 (LAN of m0n0wall)

The m0n0wall is a virtual machine and all of its interfaces are virtual:
- 10.10.10.254 is LAN of m0n0wall
- 172.23.0.254 is OPT1 of m0n0wall
- 172.23.10.254 is OPT2 of m0n0wall

So, I set my m0n0wall configuration up with the above interfaces and created FW rules on the OPTx interfaces of *,*,*,*,*.

I am able to ping between all 3 interfaces without issue.
I was, however, unable to ping any address outside these subnets (a.k.a. the Internet).

To solve this, I went into my OPT1 interface (I was working on a 172.23.0.x client at the time) and set a static route of:
OPT1,0.0.0.0/32,10.10.10.1

This worked as a default gateway and I was able to ping outside via the 10.10.10.1 interface.

QUESTION #1:
I set this gateway up on the OPT1 interface, but it appears to do the job for the OPT2 interface as well.  In fact, it doesn't seem to matter what interface I tag this default static route entry to.  Right now, I have it set on the LAN interface (LAN,0.0.0.0/32,10.10.10.1) and it seems to affect all interfaces.
This is good...because it means I don't need to type it in/maintain it for each interface.  But *why* does this work???

QUESTION #2:
Did I set this up correctly?  Since I just want the routing/dhcprelay capabilities of m0n0wall, I decided to not even configure the WAN interface.
I was thinking that perhaps I should have set the 10.0.0.x network up on the WAN interface, but I'm not sure of the advantages/drawbacks of doing that vs. what I did (simply leaving it idle).

BTW - my dhcprelay also worked flawlessly as soon as I enabled it!

I'm going to keep up and running with my config for now, as it *appears* to do what I need it to.  I am very interested in doing things the right way, however, and would appreciate any feedback.

TIA
« Reply #1 on: October 09, 2013, 04:31:42 »
Lee Sharp *****
Posts: 517

The only thing special about the WAN interface is that it does NAT.  However, that can be turned off by checking Advanced outbound NAT and not enabling anything.

As far as the default route, you only have one for the system.  Each network will have m0n0wall as the default route for that network, except for the network that is your default route out.
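
Added example (not part of the original thread or of m0n0wall's code): a longest-prefix-match lookup over one system-wide routing table, showing why a single default route serves clients on every interface. The table is constructed from the addresses in this thread; writing the default route as 0.0.0.0/0, the client addresses and the 198.51.100.7 destination are assumptions, and firewall rules and NAT are not modelled.

```python
import ipaddress

# Constructed table: (destination network, next hop or None if connected, egress interface)
ROUTES = [
    ("10.10.10.0/24", None, "LAN"),
    ("172.23.0.0/24", None, "OPT1"),
    ("172.23.10.0/24", None, "OPT2"),
    ("0.0.0.0/0", "10.10.10.1", "LAN"),  # assumed form of the single default route
]

def lookup(dst, routes=ROUTES):
    """Return (network, next_hop, interface) for the longest matching prefix.

    The ingress interface is deliberately not a parameter: the table is
    system-wide, so the decision depends only on the destination address.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for net, hop, ifname in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, hop, ifname)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]

def forward(src, dst, routes=ROUTES):
    """Describe how a packet from src to dst leaves the box."""
    _, _, in_if = lookup(src, routes)       # connected network the client sits on
    net, hop, out_if = lookup(dst, routes)  # chosen by destination only
    return {"in": in_if, "out": out_if, "via": hop or "direct", "matched": net}

if __name__ == "__main__":
    # Constructed clients on OPT1 and OPT2, one internal and one external destination
    for src in ("172.23.0.50", "172.23.10.50"):
        for dst in ("172.23.10.7", "198.51.100.7"):
            print(src, "->", dst, forward(src, dst))
```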