[ previous ] [ next ] [ threads ]
 From:  "Jan Gundtofte-Bruun" <jan at g dash b dot dk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Configuring DMZ vs. LAN
 Date:  Mon, 20 Mar 2006 19:21:21 +0100 (CET)
Hi all,
this is my first post here. I've been using monowall for some time, and I am
insanely happy with it.

My monowall box has 3 NICS: "WAN", "LAN" and "Portal". On the LAN side, I have
my private computers, a file server and a printer. This works just fine.

Obviously, now is the time to go for bolder goals (according to the mantra,
"If it ain't broken, fix it 'till it is"). ;-)

Now then, I wish to set up a captive portal on the Portal (hence the name). I
will do this using a 3Com wired NIC hooked up to a Squeezebox [1] which will
act as an access point. Anyone connecting to the portal should get access to
the Internet, but should be blocked from my private LAN --- BUT at the same
time I need the Squeezebox (the access point) to be able to access the file
server on the LAN (that's where my music is at).

Is this even possible? Or will the monowall not be able to tell the difference
between the Squeezebox and the clients connecting through it? It is very
important to me that nobody from Portal can access my file server (or any
other machines for that matter); this whole captive portal thing is merely
being nice to the neighbours. Naturally, chapter two will be to set up proper
traffic shaping.

So please, any guidance on how to set up the firewall rules around the access

In summary:_______________________
 * DHCP client gets static IP from ISP
 * monowall DHCP serves the range
 * monowall    is at
 * File server is at, also runs a SlimServer [2]
 * monowall DHCP serves the range
 * Squeezebox needs to communicate with (:9100?)
 * ALL other Portal->LAN traffic must be blocked, ie. pass only Portal->WAN

[1]: SlimDevices Squeezebox;
URL = http://www.slimdevices.com/
[2]: Streaming music server for -"-;
URL = http://www.slimdevices.com/pi_features.html

:o) Jan Gundtofte-Bruun
-- 010\001\111 --