 From:  Alex Neuman van der Hans <alex at nkpanama dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  m0n0 scenario
 Date:  Sat, 28 Apr 2007 02:53:46 -0500
Dear list,

Don't see why not, but just in case, let me know if you see any obstacle 
for something like the following to work:

The ingredients:

1 Internet connection
8 different internal physical network segments (let's call them 
192.168.1.x through 192.168.168.8.x)
1 PC w/m0n0 and 9 NIC ports (in whatever way possible supported by m0n0)

I want to do traffic shaping between network segments so that:

* I set apart X amount of bandwidth for VOIP devices (by MAC or IP 
address, for example)
* I prioritize SIP/IAX above everything else
* I give SMB/CIFS (ports 135:139 and 445) priority after VOIP
* I give SMTP/POP3 priority after SMB
* I give squid traffic to-from the proxy the next level of priority
* I give a few other things (DNS, for example) the next-to-last level
* I give *everything else* last place priority

On the firewall side, I want to:
* Block traffic to-from anywhere by default except where allowed
* Allow traffic between segments on specific ports to specific servers 
(squid, web, print, etc.)
* Allow the proxy server to retrieve web pages from the internet
* Allow the mail server to send/receive mail through the internet connection


Anything I should watch out for? Again, I *don't see why it shouldn't 
work*, but I'd love to know about any pitfalls before I embark on this 
project.

Regards,

Alex
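The shaper ordering and the default-deny rule set described in the post, modelled as an added example (not m0n0wall's own configuration format and not the poster's code); the host addresses, queue names, service ports and helper names are constructed assumptions so the policy can be sanity-checked before it is typed into the firewall:

```python
import ipaddress

# Constructed model of the post's policy: queue priorities plus a default-deny
# rule table. Addresses and names are assumptions, not real m0n0wall settings.
LAN = ipaddress.ip_network("192.168.0.0/16")        # all eight segments
VOIP_HOSTS = {"192.168.1.50", "192.168.2.51"}       # constructed phone IPs
PROXY, MAIL = "192.168.3.10", "192.168.3.20"        # constructed servers
SIP_IAX = {5060, 5061, 4569}
SMB = set(range(135, 140)) | {445}                  # 135:139 and 445
MAILPORTS = {25, 110}
SQUID, DNS = 3128, 53

def queue_for(src, dst, proto, sport, dport):
    """First match wins, in the order the post lists the priorities (1 = highest)."""
    ports = {sport, dport}
    if src in VOIP_HOSTS or dst in VOIP_HOSTS:
        return 1, "voip-reserved"   # bandwidth set apart for the phones
    if ports & SIP_IAX:
        return 2, "sip-iax"
    if proto == "tcp" and ports & SMB:
        return 3, "smb"
    if proto == "tcp" and ports & MAILPORTS:
        return 4, "mail"
    if proto == "tcp" and PROXY in (src, dst) and SQUID in ports:
        return 5, "squid"
    if dport == DNS:
        return 6, "dns"
    return 7, "default"             # everything else, last place

# (source, destination, proto, dport); "internet" = any address outside LAN.
ALLOW = [
    (str(LAN), PROXY, "tcp", SQUID),    # every segment may reach the proxy
    (str(LAN), MAIL, "tcp", 25),        # and submit mail internally
    (PROXY, "internet", "tcp", 80),     # proxy fetches web pages
    (PROXY, "internet", "tcp", 443),
    (MAIL, "internet", "tcp", 25),      # mail server sends...
    ("internet", MAIL, "tcp", 25),      # ...and receives
]

def _matches(addr, spec):
    if spec == "internet":
        return addr not in LAN
    return addr in ipaddress.ip_network(spec, strict=False)

def permitted(src, dst, proto, dport):
    """Stateful-firewall view: only the packet opening a flow is checked;
    anything not explicitly listed in ALLOW is dropped (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(_matches(s, a) and _matches(d, b) and proto == p and dport == port
               for a, b, p, port in ALLOW)
```

Because the queue rules are checked in order, a phone's SMB backup would land in the reserved VoIP queue; if that is not wanted, match the phones on UDP only or place the SMB rule first.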