 From:  Adam Piasecki <apiasecki at midatlanticbb dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Some questions about m0n0wall
 Date:  Thu, 13 Mar 2008 16:53:26 -0400
Hello all,

I'm planning on deploying some net5501 w/monowall or pfsense as I hear 
they are a pretty good box for m0n0wall. My plan is to use this box and 
scale up in hardware wherever needed.

Some questions,

   1. Can someone please tell me how you would tell m0n0wall to
      recognize the extra ram, in the FAQ its limit is 64mb.
   2. What are the largest loads that people have put on m0n0wall, DHCP,
      user number and bandwidth?
   3. 30,000 firewall states is the limit, is there any way to increase
   4. What other tweaks can I put on m0n0wall to make it work under
      large loads?

*What I need, and think m0n0wall can do.*

    * up to 5-70mb of bandwidth throughput LAN <-> WAN
    * 100-1,500 DHCP users
    * Able to view DHCP Leases and Host names of laptops on network.
    * ICMP tool available
    * Captive Portal on all LAN Users (No Authentication, just AUP)
    * Traffic shaping on Certain ports 80/25/21/22/VOIP... etc. to
      provide QOS for basic internet usage. All other traffic dumped
      into a lower queue
    * Each IP(User) is bandwidth throttled for a max up/down speed OR If
      the m0n0wall can dynamically allocate bandwidth per IP that will
      work also(I think it does this)
    * Throttle bandwidth on WAN, (Example: Internet connection may be
      able to burst to 100mb, but you want to hard limit the M0n0wall
      for 25mb, so the wan traffic to the internet never goes over this
    * IPSEC VPN into management (OPT1) Interface, (For Remote management
      of equipment over the VPN)

*What I need, and I don't think monowall can do.*

    * Run Captive portal on more than 1 interface, VLANs are considered
      another interface.
    * Terminate large amounts of VLANs, GUI limitations prevent you from
      seeing all the VLANS
    * Can't do per IP bandwidth monitoring, (PFSense does support this)
    * Can't do 1:1 mapping dynamically, (For users who use IPSEC VPNS
      behind nat)