 From:  Adriano Castro <m0n0wall at adrianocastro dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Rethinking and Restructuring Network with WiFi
 Date:  Sat, 30 Oct 2004 06:19:42 +0100

     I wish/need to restructure my network and would like your views on 
my considerations and solution.


     As of the moment my network is:

       internet -- linksys wrt54gs -- computer 1 (LAN)
                                   -- computer 2 (LAN)
                                   -- unused ethernet port 1
                                   -- unused ethernet port 1
                                   -- computer 3 (WLAN)
                                   -- PDA (WLAN)

     I use software firewalls in all computers and I also use the 
router's firewall.


     I wish to restructure my network according to the following:
       1. m0n0 should control all traffic and be my 'door to the world';
       2. for the time being only one machine needs to be DMZed but in 
the future others might require it;
       3. I have up to 3 machines that are close to each other and to 
the router and are/can be comfortably wired to it;
       4. wireless access is required;
       5. wired and wireless machines must form a 'talking' network;
       6. machines on Militarized Zone must be able to access DMZed 

     According to the requirements I stated above I believe my new 
network's configuration should be:

       internet -- m0n0 -- DMZ             -- server 1
                        -- linksys wrt54gs -- computer 1 (LAN)
                                           -- computer 2 (LAN)
                                           -- unused ethernet port 1
                                           -- unused ethernet port 1
                                           -- computer 3 (WLAN)
                                           -- PDA (WLAN)

     And, the possible future DMZ configuration (if m0n0 is limited to 1 
DMZ port - like in the Soekris' net45xx PCs):

       internet -- m0n0 -- DMZ -- router -- server 1
                                         -- server 2

     In the above configuration m0n0 sports 3 ethernet ports: one for 
the internet connection, another one for the LAN (where the Linksys 
router is plugged in) and a third one for DMZ.

     I believe this to be the best way to organise my network. What do 
you think of this configuration? Weak points? Possible problems?

     Security-wise, and not knowing if this is the best solution, some 
questions come to my mind. By using m0n0 as my door to the world, is it 
safe to disable the router firewall and the software firewalls running 
on the client computers? Can m0n0 fully protect me?

     Also, would I, with this configuration, be able to VPN and VNC to 
my machines and m0n0?

     All your thoughts, comments and corrections are more than welcome.

     Thank you,