[ previous ] [ next ] [ threads ]
 
 From:  dave morgan <morgad at eclipse dot co dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Configuring DMZ vs. LAN
 Date:  Mon, 20 Mar 2006 19:24:56 +0000
tOn Mon, 20 Mar 2006 19:21:21 +0100 (CET), "Jan Gundtofte-Bruun" <jan at g dash b dot dk> wrote:

>Hi all,
>this is my first post here. I've been using monowall for some time, and I am
>insanely happy with it.
>
>My monowall box has 3 NICS: "WAN", "LAN" and "Portal". On the LAN side, I have
>my private computers, a file server and a printer. This works just fine.
>
>Obviously, now is the time to go for bolder goals (according to the mantra,
>"If it ain't broken, fix it 'till it is"). ;-)
>
>Now then, I wish to set up a captive portal on the Portal (hence the name). I
>will do this using a 3Com wired NIC hooked up to a Squeezebox [1] which will
>act as an access point. Anyone connecting to the portal should get access to
>the Internet, but should be blocked from my private LAN --- BUT at the same
>time I need the Squeezebox (the access point) to be able to access the file
>server on the LAN (that's where my music is at).
>
>Is this even possible? Or will the monowall not be able to tell the difference
>between the Squeezebox and the clients connecting through it? It is very
>important to me that nobody from Portal can access my file server (or any
>other machines for that matter); this whole captive portal thing is merely
>being nice to the neighbours. Naturally, chapter two will be to set up proper
>traffic shaping.
>
>So please, any guidance on how to set up the firewall rules around the access
>point?
>
>In summary:_______________________
>WAN
> * DHCP client gets static IP from ISP
>LAN
> * monowall DHCP serves the 192.168.1.100-199 range
> * monowall    is at 192.168.1.1
> * File server is at 192.168.1.2, also runs a SlimServer [2]
>Portal
> * monowall DHCP serves the 192.168.1.200-249 range
> * Squeezebox needs to communicate with 192.168.1.3 (:9100?)
> * ALL other Portal->LAN traffic must be blocked, ie. pass only Portal->WAN
>
>Notes_____________________________
>[1]: SlimDevices Squeezebox;
>URL = http://www.slimdevices.com/
>[2]: Streaming music server for -"-;
>URL = http://www.slimdevices.com/pi_features.html
>
>:o) Jan Gundtofte-Bruun
>-- 010\001\111 --
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

I was told the Squeezebox can not be used as an AP :-(

quoted email to me from SlimDevices follows -

>Dave,
>
>No, the Squeezebox can not be used as an access point.  Only as a  
>wireless->wired bridge.  But honestly, wireless routers are very  
>inexpensive these days.  You could just watch bargain web sites for a  
>bargain on an 802.11g router. 


were they wrong?, is SB3+M0n0wall = access point/router?

Dave
-- 
http://www.morgad.no-ip.info/index.html    gpg:0x64B5E037 
Distributed Proofreaders: http://www.pgdp.net
The NTP server pool http://www.pool.ntp.org