[ previous ] [ next ] [ threads ]
 
 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VLANs with seperate WANs
 Date:  Tue, 12 Nov 2013 22:05:40 -0600
On 11/12/2013 07:25 PM, Daniel Jokinen wrote:
> Hi guys,
>
> I'm turning to you for help, since I can't figure out something good enough myself. I have a
customer request, as follows.
>
> They have two seperate physical LANs today, each with their own WAN setup. They're located in the
same building and utilizes the same cabling, although they've patched themselves apart and have
setup small switches to accomodate port needs.
>
> Now they would like to share an MFP printer. But, it's still imperative that they don't reach each
others networks, and they need to use their own WANs as well.
>
> It seems I would need to setup a router with 5 physical ports; 3 VLANs and 2 WANs, and static
route the traffic so that each VLAN uses their own WAN. VLAN 1 and 2 wouldn't route, except to VLAN
3 where the MFP sits. Am I making any sense?
>
> Now the real problem is finding a solution to all these independent ports. As far as I know, m0n0
just supports 3 ports, correct? And looking at vendor stuff they all seem to come with load
balancing auto WAN ports that just wouldn't cut it. I've looked at pfsense which can handle up to 60
or more ports, but I don't know if that can be WANs or only LANs. As always, I'd prefer m0n0 within
a neat appliance, but I didn't see one with 5 ports (only pfsense), and also it's getting pretty
expensive in that region.

First, m0n0wall has no set limits on ports.  I think you would be hard 
pressed to fit more than 16 in there due to slot limitations, but you 
never know.

As far as the load balancing, you are totally correct.  Just no way to 
make that work.  You will need to stick with the two routers, however, 
stick and extra nic on one, and put it in the others LAN.  Give the 
router without the extra nic a static route back to the other LAN via 
that extra nic.  You will need to set up firewall rules approiate to 
your needs as well.

			Lee