Network Bridge Set Up for M0n0wall / Monowall

Mindwatering Incorporated

Author: Tripp W Black

Created: 01/04/2014 at 04:52 PM

 

Category:
M0n0wall
Configuration

Issue:
Need to set up a VM server network bridge between 2 network subnets (e.g. 192.168.0.0/24 and 192.168.9.0/24).

Solution:
Note: We are assuming:
VMDMZ VM Machine network for WAN connection in m0n0wall. (e.g. 123.123.123.0/29)
VMNet1 VM Machine network for LAN connection in m0n0wall. (e.g. 192.168.0.0/24)
VMNet2 VM Machine network for OPT1 connection in m0n0wall. (e.g. 192.168.9.0/24)

1. Download the VM general PC version of m0n0wall (e.g. version 1.34). Unzip the downloaded file.

2. Using the Datastore Browser, upload the vmx machine file and vmdk drive file to a new folder in the Host's local, iSCSI, or NAS/NFS storage.

3. Once uploaded, right-click the vmx file and choose option, Add to Inventory. Name/rename the VM as desired.

4. Right-click the VM and choose Edit Settings.

5. Set up the network / ethernet connections to the 3 networks. We will have the WAN as VMDMZ, the LAN as VMNet1 and the OPT1 as VMNet2.
a. Set the Network 1 entry that will be the WAN to the VMDMZ network.
b. Set the Network 2 entry for LAN to the VMNet1 network.
c. Add a new Network card (Networking). Set Network 3 entry for OPT1 to the VMNet2 network.

6. Right-click and choose (or on the menu bar choose) Open Console.

7. In the console window, click the Start button to boot the VM. (If the VM is already running, choose the option within the VM to reboot so m0n0wall can see the 3rd network card.)

8. At the menu, choose the number 1 option to set up the network cards. Set the following: (Say no to VLAN setups each time).
a. Set em0 to WAN
b. Set em1 to LAN
c. Set em2 to OPT1

9. At the menu again, choose the number 2 option to set the LAN IP address (em1).
e.g. 192.168.0.254

10. Let it reboot if prompted.

11. Log in to m0n0wall from a web browser at the address entered (e.g. 192.168.0.254).
(User admin, with the default password mono. Don't forget to change this.)

12. Complete the General Setup page. Sample settings below:
Hostname = mwmono
Domain = mindwatering.net
DNS Servers = <list your internal and external DNS servers>
You can take defaults for the rest if you like.

13. Enter any static routes that each side needs to other local subnets adjacent to LAN or OPT1 networks.
e.g. LAN 192.168.90.0/24, Gateway: 192.168.0.1, Description: Other MW location

14. Confirm the LAN address is correct.
a. Under Interfaces, choose LAN. --> Under Primary configuration. . .
b. Make sure the IP address entry is correct. (e.g. 192.168.0.254 / 24).
c. Click Save.

15. Set the WAN IP information:
a. Under Interfaces, choose WAN. -->
b. Set Type = Static (assuming your WAN has static IPs. If you don't actually have a WAN, just enter dummy data that's not valid for any of your local networks.)
c. Set IP address = 123.123.123.123 / 29
d. Set Gateway = 123.123.123.1
e. Click Save.

16. Set the OPT1 IP information:
a. Under Interfaces, choose OPT1. --> Under Primary configuration. . .
b. Click the checkbox Enable Optional 1 interface.
c. Update the Description field if desired. (e.g. OPT1 (x.9.x) )
d. Set Bridge with = none. (Setting to LAN doesn't work.)
e. Set IP address = 192.168.9.254 / 24.
(Yes, this may look counter-intuitive. Like in LAN, this field actually sets the IP address of the OPT1 network "card" to 192.168.9.254, and not what you are bridging.)
f. Click Save.

17. Set up the firewall rules as desired.
For example, if you want all machines/people on both sides to see both sides, then create a rule on the LAN and on the OPT1 interface like:
a. Choose Firewall, choose Rules, under LAN tab, click the + icon.
b. Set/confirm the following field choices for the LAN network interface:
- Interface = LAN
- Protocol = any
- Destination Type = OPT1 (x.9.x)
- Description = lan x.0.x --> any opt1 x.9.x
c. Click Save.
d. Set/confirm the following field choices for the OPT1 network interface:
- Interface = OPT1 (x.9.x)
- Protocol = any
- Destination Type = LAN
- Description = opt x.9.x --> any lan x.0.x
e. Click Save.

18. Test that you can "see" machines on both sides of the networks, using PING and traces.
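
An offline sanity check for the addresses entered in steps 9, 13, 15 and 16, as an added example that is not part of the original write-up; the function name check_plan and the dictionary layout are assumptions made here. Run on the page's sample values, it reports that the WAN gateway 123.123.123.1 lies outside 123.123.123.120/29, the subnet that 123.123.123.123 / 29 belongs to.

```python
import ipaddress as ipa

# Sample values copied from steps 9, 13, 15 and 16 above.
# The dict layout is an assumption of this example, not a m0n0wall format.
INTERFACES = {
    "WAN":  {"ip": "123.123.123.123/29", "gateway": "123.123.123.1"},
    "LAN":  {"ip": "192.168.0.254/24"},
    "OPT1": {"ip": "192.168.9.254/24"},
}
STATIC_ROUTES = [
    {"iface": "LAN", "dest": "192.168.90.0/24", "gateway": "192.168.0.1"},
]

def check_plan(interfaces, routes):
    """Return a list of problems found in the addressing plan."""
    problems = []
    ifs = {n: ipa.ip_interface(c["ip"]) for n, c in interfaces.items()}
    names = sorted(ifs)
    # With "Bridge with = none" the interfaces are routed, so each one
    # needs its own subnet; overlapping subnets would never be forwarded.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifs[a].network.overlaps(ifs[b].network):
                problems.append(f"{a} and {b} subnets overlap")
    for name in names:
        net = ifs[name].network
        # The interface itself must hold a usable host address.
        if ifs[name].ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} address {ifs[name].ip} is not a host in {net}")
        # A default gateway must be reachable on-link from the interface.
        gw = interfaces[name].get("gateway")
        if gw and ipa.ip_address(gw) not in net:
            problems.append(f"{name} gateway {gw} is outside {net}")
    for r in routes:
        dest = ipa.ip_network(r["dest"])
        via = ifs[r["iface"]].network
        # The next hop of a static route must be on the chosen interface.
        if ipa.ip_address(r["gateway"]) not in via:
            problems.append(f"route {dest}: gateway {r['gateway']} is outside {via}")
        # A static route must not shadow a directly connected subnet.
        for name in names:
            if dest.overlaps(ifs[name].network):
                problems.append(f"route {dest} overlaps the {name} subnet")
    return problems

if __name__ == "__main__":
    for problem in check_plan(INTERFACES, STATIC_ROUTES):
        print("PROBLEM:", problem)
```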


