
I installed m0n0wall in a virtualized environment. I have 10 PCs connected to a router (192.168.1.0/24) which connects them to the internet through PPPoE. The problem is that this router does not have QoS, so what I want to do is the following:

  1. Let all the PCs get their IP from the router, and the default gateway will be m0n0wall.

  2. The m0n0wall will have 2 interfaces: LAN (192.168.1.20) and WAN (192.168.1.21, with default gateway 192.168.1.1).

  3. Now when any PC wants to access the internet it should go through m0n0wall, and then m0n0wall will forward the connection through its WAN interface to the default gateway, which is the PPPoE running on the router (192.168.1.1).

The big question is: is this scenario possible or not, and what do you suggest? Thanks

2 Answers


You cannot have the LAN interface and the WAN interface in the same subnet (192.168.1.X) - that will make routing impossible.

What you should do, is to let the m0n0wall handle DHCP and all that stuff, and then only let the router act as gateway for the m0n0wall.

This way your PCs will connect to the m0n0wall, and get internet through it.

Frederik
  • I'm not sure I understood what you wrote, but both interfaces (LAN and WAN) will be on the same subnetwork, and as for the DHCP, that's not an issue for me. What I want is that the PCs connect to the m0n0wall, which in turn connects to the internet through its internal WAN interface to the gateway on the router (IP address 192.168.1.1). To put it another way, I want to chain both gateways, the m0n0wall and the router. – Black2night Oct 13 '12 at 17:17
  • What I wrote is, that you can **not** have the WAN and the LAN interface on the same subnet - they must be different. – Frederik Oct 13 '12 at 18:51
  • I understand, but why not? And thanks for your comment :) – Black2night Oct 14 '12 at 02:30
  • no, what you wrote is that you cannot have the interfaces in _different_ subnets - which is incorrect. It would also have been incorrect if it had stated "same subnet", BTW - there is no such restriction with IP. – the-wabbit Oct 14 '12 at 06:58
  • @syneticon-dj oh, I see now lol.. must have been tired. It would not be incorrect if it stated "same subnet", as it is not possible. If you entered the same subnet on both the LAN and WAN side of a Cisco router, you would get huge errors all over the place. – Frederik Oct 14 '12 at 09:44
  • @FrederikNielsen Cisco IOS routers [***can do Proxy ARP setups too***](http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfipadr.html#wp1001233). Having the same subnet configured on two interfaces in different broadcast domains is what Proxy ARP is about. – the-wabbit Oct 14 '12 at 14:40
  • @syneticon-dj I didn't know that Proxy ARP existed until now. However, that seems like an unnecessary way to complicate things. – Frederik Oct 15 '12 at 07:39
  • @FrederikNielsen hence my appeal not to use it in this case. There are even more use cases for IP addresses in the same subnet range on different interfaces plugged into the *same* broadcast domain - MPIO or [IPMP](http://en.wikipedia.org/wiki/IP_network_multipathing) would be among them. – the-wabbit Oct 15 '12 at 08:08

Although technically possible, it would make your setup unnecessarily complicated. You should do what Frederik suggested and really chain the routers like

your hosts --- m0n0wall --- router

instead of

your hosts --- m0n0wall
            /
router   ---

For this it would be advisable to re-number one of your subnets, as having the WAN and the LAN interfaces in different broadcast domains (i.e. separate Ethernets) with the same subnet definition would require the use of Proxy ARP or bridge mode to establish correct forwarding - which you should avoid for the sake of simplicity.

the-wabbit
  • Even though this is the best setup, the router is the only wireless station, and in this configuration I would lose the wireless function, which is very essential to me. – Black2night Oct 14 '12 at 10:30
  • @black2night Hook up another access point - a wireless router costs less than 20 bucks on the bay. This way you also make sure that your wireless stations do not circumvent your QoS setup ***and*** can be separated from the rest of the network without interfering with other services when necessary (e.g. when you want to allow wireless guests internet access only, but do not want to allow them to get access to hosts on your internal wired network). – the-wabbit Oct 14 '12 at 14:38
  • thanks a lot @syneticon-dj, i will try this configuration – Black2night Oct 15 '12 at 02:40
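The guest-isolation idea in the comments above ("internet access only, no access to hosts on the wired network") is easy to get wrong on a first-match firewall such as the one in m0n0wall, where rules on an interface are evaluated top to bottom and the first match wins. The following is an added example, not the thread's or m0n0wall's own code: a minimal first-match evaluator with an implicit default deny, a naive guest rule set in which the block rule is shadowed by the broad pass rule above it, the corrected ordering, and a check that finds shadowed rules. The 192.168.2.0/24 wired LAN, the 192.168.3.0/24 guest segment and the test addresses are constructed for the example.

```python
import ipaddress
from typing import List, NamedTuple


class Rule(NamedTuple):
    action: str   # "pass" or "block"
    src: str      # source prefix (CIDR)
    dst: str      # destination prefix (CIDR)
    note: str


# Constructed addressing for the example (not from the original thread).
LAN_NET = "192.168.2.0/24"     # wired hosts behind the m0n0wall
GUEST_NET = "192.168.3.0/24"   # separate guest wireless segment
ANY = "0.0.0.0/0"


def first_match(rules: List[Rule], src: str, dst: str) -> str:
    """First matching rule decides; anything unmatched hits the implicit block."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.action
    return "block"


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never match because an earlier rule covers
    every (src, dst) they cover. A shadowed block rule is a silent policy hole."""
    out = []
    for i, r in enumerate(rules):
        rs, rd = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        for earlier in rules[:i]:
            es, ed = ipaddress.ip_network(earlier.src), ipaddress.ip_network(earlier.dst)
            if rs.subnet_of(es) and rd.subnet_of(ed):
                out.append(i)
                break
    return out


# Naive rule set on the guest interface: the pass rule matches everything
# first, so the block rule below it is dead and guests can reach the wired LAN.
GUEST_RULES_BROKEN = [
    Rule("pass", GUEST_NET, ANY, "guests to the internet"),
    Rule("block", GUEST_NET, LAN_NET, "keep guests off the wired LAN"),
]

# Corrected: deny the internal network first, then allow everything else.
GUEST_RULES_FIXED = [
    Rule("block", GUEST_NET, LAN_NET, "keep guests off the wired LAN"),
    Rule("pass", GUEST_NET, ANY, "guests to the internet"),
]


def audit(rules: List[Rule]) -> dict:
    """Outcome for a guest client talking to a wired host and to an internet host."""
    guest = "192.168.3.10"
    return {
        "guest_to_wired": first_match(rules, guest, "192.168.2.5"),
        "guest_to_internet": first_match(rules, guest, "198.51.100.7"),
        "shadowed": shadowed_rules(rules),
    }


if __name__ == "__main__":
    print("broken:", audit(GUEST_RULES_BROKEN))
    print("fixed: ", audit(GUEST_RULES_FIXED))
```

With the naive ordering `audit` reports the guest client passing to the wired host and flags rule 1 as shadowed; with the corrected ordering the wired host is blocked, the internet host still passes, and nothing is shadowed. Traffic that does not originate from the guest segment never matches either rule set and falls to the implicit deny.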