Hi all,

this is my first post here. I've been using monowall for some time, and I am insanely happy with it. My monowall box has 3 NICs: "WAN", "LAN" and "Portal". On the LAN side, I have my private computers, a file server and a printer. This works just fine. Obviously, now is the time to go for bolder goals (according to the mantra, "If it ain't broken, fix it 'til it is"). ;-)

Now then, I wish to set up a captive portal on the Portal (hence the name). I will do this using a 3Com wired NIC hooked up to a Squeezebox [1] which will act as an access point. Anyone connecting to the portal should get access to the Internet, but should be blocked from my private LAN --- BUT at the same time I need the Squeezebox (the access point) to be able to access the file server on the LAN (that's where my music is at).

Is this even possible? Or will the monowall not be able to tell the difference between the Squeezebox and the clients connecting through it? It is very important to me that nobody from Portal can access my file server (or any other machines for that matter); this whole captive portal thing is merely being nice to the neighbours. Naturally, chapter two will be to set up proper traffic shaping.

So please, any guidance on how to set up the firewall rules around the access point?

In summary:
_______________________

WAN
* DHCP client gets static IP from ISP

LAN
* monowall DHCP serves the 192.168.1.100-199 range
* monowall is at 192.168.1.1
* File server is at 192.168.1.2, also runs a SlimServer [2]

Portal
* monowall DHCP serves the 192.168.1.200-249 range
* Squeezebox needs to communicate with 192.168.1.3 (:9100?)
* ALL other Portal->LAN traffic must be blocked, i.e. pass only Portal->WAN

Notes
_____________________________

[1]: SlimDevices Squeezebox; URL = http://www.slimdevices.com/
[2]: Streaming music server for -"-; URL = http://www.slimdevices.com/pi_features.html

:o) Jan Gundtofte-Bruun
-- 010\001\111 --