 From:  "Daniel Foster" <dan at melbourne dot co dot uk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Firewall scenario
 Date:  Mon, 6 Jun 2005 18:01:13 +0100
Hi,
 
First of all, thanks to those who helped with the network question; it worked as planned. Enabling
the advanced outbound NAT let me sit public-IP-addressed subnets on various interfaces
perfectly. Also got VLANs up and running happily with fxp cards, although I think I had the parent
port closed-down issue since I'd not allocated a subnet to it... anyway, it's working now.
 
So I've got a test box with m0n0wall on it in the datacentre, and I'm trying to visualise our
environment.
 
Basically we're a co-location provider, so we give customers a small subnet, and they tell us what
they want allowed in traffic-wise, usually common ports like 80, 25, 21 etc. Now obviously we want
those blocked not only from the outside world, but also from other customers who live in different
subnets & VLANs serviced from the same m0n0wall box. But I don't want to block communication between
them totally, i.e. if a customer wants port 80 open to the world, it needs to be open to WAN as well
as all the other interfaces...
 
Now this is where the issue seems to lie for me: I can't find an economical way of saying "block
traffic going out of interface X". You have to set it as where the traffic enters the m0n0wall box,
so theoretically if we had 30 subnets/VLANs, I'd have to set 30 rules for each port I wanted to open
for a customer. And then if I add further interfaces I'd have to add the rule again.
 
I suppose what I'm asking is: is there any way of filtering traffic based on where it *leaves*
m0n0wall instead of where it arrives from? Or am I missing something?
 
Any insights would be appreciated!
 
Kind Regards,
Dan Foster
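The rule explosion the poster describes, as an added illustration that is not part of the original message and not m0n0wall's own configuration: a small Python script that expands a constructed three-customer topology into ingress-keyed rules (one "pass in" per interface the traffic can arrive on) and, for contrast, egress-keyed rules (one "pass out" on the interface the packet leaves by). The interface names, the 198.51.100.0/24 documentation subnets and the ipfilter-style rule text are assumptions chosen for the example; the script makes no claim about which of these forms a given m0n0wall release exposes in its GUI.

```python
"""Compare per-ingress-interface and per-egress-interface rule counts.

Constructed example, not the original poster's configuration.  Rule strings use
ipfilter-style syntax purely for illustration.
"""

WAN_IFACE = "fxp0"  # assumed name of the upstream (WAN) interface

# Constructed topology: three colocation customers, each on its own VLAN with a
# small public subnet (documentation range) and the TCP ports they asked for.
CUSTOMERS = {
    "cust_a": {"iface": "vlan10", "subnet": "198.51.100.0/29", "ports": [80, 443]},
    "cust_b": {"iface": "vlan20", "subnet": "198.51.100.8/29", "ports": [25]},
    "cust_c": {"iface": "vlan30", "subnet": "198.51.100.16/29", "ports": [80, 21]},
}


def ingress_rules(customers, wan=WAN_IFACE):
    """Rules keyed on the interface a packet *arrives* on.

    Each customer port must be repeated on WAN and on every other customer's
    interface, so adding one interface means touching every customer's rules."""
    all_ifaces = [wan] + [c["iface"] for c in customers.values()]
    rules = []
    for c in customers.values():
        for port in c["ports"]:
            for iface in all_ifaces:
                if iface == c["iface"]:
                    # packets arriving on the customer's own VLAN are leaving
                    # the customer, not inbound to them: no rule needed here
                    continue
                rules.append(
                    f"pass in quick on {iface} proto tcp from any "
                    f"to {c['subnet']} port = {port} keep state"
                )
    # default deny on every interface so anything not listed above is dropped
    rules += [f"block in quick on {iface} all" for iface in all_ifaces]
    return rules


def egress_rules(customers):
    """Rules keyed on the interface a packet *leaves* on.

    One 'pass out' per customer port on that customer's own interface,
    regardless of where the packet entered; adding a new customer interface
    does not change existing customers' rules."""
    rules = []
    for c in customers.values():
        for port in c["ports"]:
            rules.append(
                f"pass out quick on {c['iface']} proto tcp from any "
                f"to {c['subnet']} port = {port} keep state"
            )
        rules.append(f"block out quick on {c['iface']} all")
    return rules


def pass_rule_count(customers, egress=False):
    """Closed-form count of the 'pass' rules each approach needs."""
    total_ports = sum(len(c["ports"]) for c in customers.values())
    if egress:
        return total_ports
    # per port: WAN plus every other customer's interface = len(customers) ingress points
    return total_ports * len(customers)


if __name__ == "__main__":
    for rule in ingress_rules(CUSTOMERS):
        print(rule)
    print(f"ingress approach: {pass_rule_count(CUSTOMERS)} pass rules")
    print(f"egress approach:  {pass_rule_count(CUSTOMERS, egress=True)} pass rules")
```

With three customers and five requested ports the ingress form needs 15 pass rules and the egress form 5; adding a fourth customer interface with no ports of its own raises the ingress count to 20 while leaving the egress count unchanged, which is exactly the maintenance cost the poster is asking how to avoid.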