 
 From:  Carsten Holbach <Carsten dot Holbach at gmx dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] New User
 Date:  Wed, 05 Oct 2005 23:23:00 +0200
Heya

Nice wishes you have ;)

The problem is: how can you block traffic from one guest to another that 
is unwanted? Especially malware, viruses and trojan horses spread 
themselves with broadcasts. In the case that you do not connect each 
guest's computer to its own NIC in your m0n0wall, but all of them into 
a switch (which is common in LANs and lanparty environments), you can't 
block that. If you want to, you need a manageable switch of the higher 
class, where you can close ports in that switch.
If I understand you right, you just want to block the untrusted LAN from 
the trusted. That's no problem with m0n0wall, and your pings should be 
nice (if somebody complains about a latency 5ms higher than usual, 
kick him ^^) if the hardware of the m0n0 box is a bit more decent.
The situation I described above applies to the untrusted LAN(s), then.

Greetings
Carsten


Fig wrote:

> Hello,
>
> I finally have the time to finish my M0n0wall box for my LAN. 
> Currently I am running on a Linksys router. It does ok, but there are 
> not enough forwarding lines to handle my needs.
>
> I have a small base 100 LAN in my basement, and throw regular LAN 
> parties of up to 30 people. I have 8 gaming machines that are mine, 
> and a Samba server, a Linux web/FTP/Teamspeak server, a Linux 
> gameserver, and a Win32 gameserver. All the servers except the Samba 
> server will be accessible from outside, and the Samba server has NFS 
> installed so the Linux App server can use it as a local drive. 6 of 
> the gaming machines run Win98SE and have no AV software, and I want to 
> block their access to the net. My outside connection is via cable modem.
>
> A big concern is the computers my guests bring in. I don't have 
> anything to prevent infection across my LAN, so I would like to set 
> M0n0 up to have my "trusted" machines (gamers and servers) on one leg, 
> the brought-in machines on another, and allow them to communicate 
> across on selected ports as needed for the games we will play. I 
> would also like to allow access for people to access the fileserver 
> for patches and mods to the games. If possible, I have room for a few 
> additional Realtek NICs and 8-port switches and would like to further 
> segment the "untrusted" portion of my LAN to help protect my friends 
> from each other in case someone goofs. So I might have WAN, LAN, and 3 
> OPT (untrusted), for example.
>
> Will I be able to achieve this with m0n0wall and still keep my 
> latencies down to acceptable levels? I have a few systems I can use, I 
> prefer to use a P233 box with 128MB of RAM but I can go up to a Duron 
> 1300 with 256MB if it is needed.
>
> Thoughts?
>
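The point Carsten makes above, that m0n0wall can only filter traffic that crosses one of its interfaces and never traffic between two guests hanging off the same switch, is easy to check against a planned layout. The following is an added illustration, not code from the thread or from m0n0wall; the segment names follow Fig's WAN/LAN/3x OPT plan, and all addresses and host names are constructed for the example.

```python
import ipaddress
from itertools import combinations

# Constructed layout: each segment is one m0n0wall NIC (one broadcast domain).
# Address ranges are assumed for the example, not taken from the thread.
SEGMENTS = {
    "LAN":  ipaddress.ip_network("192.168.1.0/24"),    # trusted: gamers + servers
    "OPT1": ipaddress.ip_network("192.168.10.0/24"),   # untrusted guest switch 1
    "OPT2": ipaddress.ip_network("192.168.11.0/24"),   # untrusted guest switch 2
    "OPT3": ipaddress.ip_network("192.168.12.0/24"),   # untrusted guest switch 3
}

# Constructed hosts; guest-a and guest-b share the same 8-port switch on OPT1.
HOSTS = {
    "samba":   "192.168.1.10",
    "gamer1":  "192.168.1.21",
    "guest-a": "192.168.10.50",
    "guest-b": "192.168.10.51",
    "guest-c": "192.168.11.50",
}


def segment_of(ip: str) -> str:
    """Return the m0n0wall segment (broadcast domain) an address belongs to."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    raise ValueError(f"{ip} is not in any configured segment")


def firewall_can_mediate(host_a: str, host_b: str) -> bool:
    """True only if the two hosts sit on different NICs, so their traffic
    (including broadcasts) has to pass through m0n0wall's rules."""
    return segment_of(HOSTS[host_a]) != segment_of(HOSTS[host_b])


def isolation_plan(hosts: dict) -> dict:
    """Split every host pair into those m0n0wall rules can control and those
    that share a switch, where only port isolation on the switch would help."""
    plan = {"firewall_rules": [], "switch_only": []}
    for a, b in combinations(sorted(hosts), 2):
        key = "firewall_rules" if firewall_can_mediate(a, b) else "switch_only"
        plan[key].append((a, b))
    return plan


if __name__ == "__main__":
    for kind, pairs in isolation_plan(HOSTS).items():
        print(kind, pairs)
```

Any pair listed under `switch_only` is exactly the case Carsten describes: no m0n0wall rule on the OPT interface will ever see that traffic.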