Anyone!?!?

Kind Regards
Dan Foster

| -----Original Message-----
| From: Daniel Foster [mailto:dan at melbourne dot co dot uk]
| Sent: 06 June 2005 18:01
| To: m0n0wall at lists dot m0n0 dot ch
| Subject: [m0n0wall] Firewall scenario
|
| Hi,
|
| First of all, thanks to those who helped re the network
| stuff question, it worked as planned, by enabling the
| advanced outbound NAT it let me sit public IP
| addressed-subnets on various interfaces perfectly. Also got
| VLANs up and running happily with fxp cards, although I
| think I had the parent port closed down issue since I'd not
| allocated a subnet to it... anyway it's working now.
|
| So I've got a test box with m0n0wall on in the datacentre,
| and I'm trying to visualise our environment.
|
| Basically we're a co-location provider, so we give customers
| a small subnet, and they tell us what they want allowed in
| traffic wise, usually common ports like 80 25 21 etc. Now
| obviously we want those blocked not only from the outside
| world, but also other customers who live in different
| subnets & VLANs serviced from the same m0n0wall box. But I
| don't want to block communication between them totally, i.e.
| if a customer wants port 80 open to the world, it needs to
| be open to WAN as well as all the other interfaces....
|
| Now this is where the issue seems to lie for me, I can't
| find an economical way of saying block traffic going out of
| interface x. You have to set it as where the traffic enters
| the m0n0wall box, so theoretically if we had 30
| subnets/VLANs, I'd have to set 30 rules for each port I
| wanted to open for a customer. And then if I add further
| interfaces I'd have to add the rule again.
|
| I suppose what I'm asking is, is there any way of filtering
| traffic based on where it *leaves* m0n0wall instead of where
| it arrives from? Or am I missing something?
|
| Any insights would be appreciated!!
|
| Kind Regards,
| Dan Foster