 From:  "Daniel C. Ossio" <daniel at ossio dot ch>
 To:  "'Fabrizio Lippolis'" <Fabrizio dot Lippolis at AurigaInformatica dot it>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: suggestion on multiport network card
 Date:  Sat, 8 Jul 2006 09:26:10 +0200
Hello Fabrizio

There is a nice solution with simple network cards.
This solution has some ups and downs, e.g.
+ MANY physical firewall ports.
+ You can control traffic between each and every host and subnet of your
network.
- bandwidth limitations (depending on actual configuration).
- cost / uses specific hardware (unless you own the switch with the .1q
capability already.)
- more difficult to install than just plugging in a quad port NIC.
... there are definitely more.


How To Steps:
1. Put two standard (I prefer Intel) network cards in each of the empty
slots.
2. Install m0n0wall, one interface is WAN, the other one will bear VLANs
3. Get a .1q ready switch and configure one port as a trunk port. E.g. port
48 is the trunk port
4. Configure the other ports of the switch each one in a different VLAN,
e.g. port 1 is in VLAN 101, port 2 is in VLAN 102, port 3 is in VLAN 103,
etc. You can still use part of the switch for other purposes by adding maybe
a port range to a single VLAN, but make sure not to confuse things here.
Pay attention to the default "VLAN" as everything that is not .1q-tagged
will go there.
5. Configure VLANs 101, 102 and 103 on the LAN interface of the m0n0wall.
You can play around by giving each VLAN a different IP subnet (that is what
I did) or try bridging interfaces, etc.
6. Connect the switch trunk port with the LAN/VLAN interface of the
m0n0wall.
7. Connect the WAN interface of the m0n0wall to the outside world, e.g. your
DSL.
8. Now you have a m0n0wall with 47 different interfaces. Nice.

I am actually using Gbit fiber to connect m0n0wall and switch. This will
give me some more bandwidth between the 10/100 ports on the switch.


Best regards to southern Italy!

Daniel Ossio
+41 79 33 99 484 - info at ossio dot ch - ossio at nfr dot com


-----Original Message-----
From: Fabrizio Lippolis [mailto:Fabrizio dot Lippolis at AurigaInformatica dot it] 
Sent: Friday, 7 July 2006 14:42
To: m0n0wall at lists dot m0n0 dot ch
Subject: suggestion on multiport network card

I would like to build a m0n0wall box in a small case in which there are 
only two PCI slots available. Since I need at least 5 interfaces I am 
thinking of using a multiport network card. Does anybody run a similar 
configuration? Any suggestion on which cards to get? Thank you in advance.

-- 
Fabrizio Lippolis                fabrizio dot lippolis at aurigainformatica dot it
Auriga Informatica s.r.l.            Via Don Guanella 15/B - 70124 Bari
Tel.: 080/5025414 - Fax: 080/5027448 - http://www.aurigainformatica.it/
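
Added example, not part of the original messages: a Python check of the port-to-VLAN plan from the How To steps (port n in VLAN 100+n, port 48 as the trunk). The plan format, the function names and the default VLAN ID of 1 are assumptions for illustration; the check flags ports left in the default VLAN, ports sharing a VLAN, and VLANs missing from the trunk or from the firewall.

```python
# Added example: the plan format and names are hypothetical, not m0n0wall or switch syntax.
from collections import defaultdict

DEFAULT_VLAN = 1  # assumption: the switch's untagged default VLAN has ID 1


def build_plan(port_count=48, trunk_port=48, base=100):
    """Port n is an access port in VLAN base+n; the trunk carries them all tagged."""
    access = {p: base + p for p in range(1, port_count + 1) if p != trunk_port}
    return {"access": access, "trunk_port": trunk_port,
            "trunk_tagged": set(access.values())}


def audit_plan(plan, firewall_vlans):
    """Return findings where traffic could bypass or never reach the firewall."""
    findings = []
    members = defaultdict(list)
    for port, vlan in sorted(plan["access"].items()):
        members[vlan].append(port)
    for vlan, ports in sorted(members.items()):
        if vlan == DEFAULT_VLAN:
            # Everything not .1q-tagged ends up here, outside the per-port VLANs.
            findings.append(("default-vlan", vlan, ports))
        elif len(ports) > 1:
            # Ports sharing a VLAN talk to each other without crossing the firewall.
            findings.append(("shared-vlan", vlan, ports))
        if vlan not in plan["trunk_tagged"]:
            findings.append(("not-on-trunk", vlan, ports))
        if vlan not in firewall_vlans:
            findings.append(("no-firewall-vlan", vlan, ports))
    for vlan in sorted(set(firewall_vlans) - set(members)):
        findings.append(("unused-firewall-vlan", vlan, []))
    return findings


# Constructed sample: the layout from the steps, then two deliberate mistakes.
plan = build_plan()
firewall_vlans = set(plan["trunk_tagged"])
clean = audit_plan(plan, firewall_vlans)

plan["access"][5] = DEFAULT_VLAN   # port 5 left in the default VLAN
plan["access"][7] = 106            # port 7 put in port 6's VLAN
broken = audit_plan(plan, firewall_vlans)

if __name__ == "__main__":
    print("clean plan findings:", clean)
    for finding in broken:
        print(finding)
```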