 From:  jochen thomas <jochenthomas at yahoo dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  some newcomer-questions
 Date:  Tue, 23 May 2006 10:00:10 -0700 (PDT)
+------+  +--------+  +--------+  +--------+  +--------+  +--------+  +--------+
|      |  |        |  |        |  |        |  |        |  |        |  |        |
|Router|--|mOnOwall|--|sendmail|--|mOnOwall|  |Serv2003|  |PC Nr. x|  |IP Phone|
|      |  |  -1-   |  |        |  |  -2-   |  |        |  |        |  |        |
+------+  |        |  +--------+  |        |  +--------+  +--------+  +--------+
   |      |        |              |        |       |          |            |
   |      |        |              |        |       |          |            |
   |      |        |  +--------+  |        |------------------------------------
  VPN     |        |  |        |  |        |
Client   |        |--|Asterisk|--|        |
          |        |  |        |  |        |
          |        |  +--------+  |        |
          |        |              |        |
          |        |              |        |
          |        |--------------|        |
          |        |              |        |
          +--------+              +--------+


Hello,
I am new to mOnOwall.
Please have a look at the drawing above (if it is not readable, please copy it into a text editor
with a readable font).

There is 
- a DSL router
- two separate DMZ servers
  - sendmail (Http/s and smtp + pop3)
  - VoIP (SIP and IAX2 external, SIP internal)
- and a Win2003Server
- Clients 
  - inside are SIP-phones and WinXP workstations
  - external VPN clients
 
As you can see, I want to create a small double-firewalled environment.

I am not really sure if this will work regarding these points:
- VoIP clients/phones (SIP + varying UDP ports + NAT) / very important
- how to route these VoIP (UDP) streams (SIP and IAX2)?
- exact routing of different protocols, e.g. smtp/pop3 only to the sendmail server, but HTTP on all three
NICs of monowall -1- (can I use more than 3 NICs? --> one external, two DMZ, one internal)
- secure access to Server2003 via a tunnel through both monowalls
- routing to different port 80 http servers (to the sendmail server, to the asterisk server, and to some
others (each has a different domain, like sendmail.domain.com, asterisk.domain.com,
server2003.differentdomain.com)) --> what is the best way?
- regarding the design in general, is this configuration o.k.?
- what about intrusion detection, what about stateful inspection, SYN flood, port scans,
http filters?
- are there typical predefined rules which I can import for easy use (e.g. VoIP/SIP rules,
web services, VPN, SMTP, ...)?
- as far as I can see from different posts, traffic shaping doesn't work well in a VoIP/SIP
environment, does it? What are your recommendations?
 
Can you give me some advice on how to handle these needs if I use mOnOwall?

Best regards
jt___