 
 From:  kira at fantasyhaven dot me
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VLANs with seperate WANs
 Date:  Wed, 13 Nov 2013 09:13:01 -0600
Like I said, each situation is unique.  Hope you found the solution you 
need and that it works out well :)



From:   Daniel Jokinen <daniel dot jokinen at linford dot se>
To:     "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
Date:   11/13/2013 09:08 AM
Subject:        Re: [m0n0wall] VLANs with seperate WANs



I'm telling you, I've been staring at this problem for so long now that I 
swear my brain has turned into a routing policy :) From the research I've 
done, and from what you guys have gathered I have these ideas:

1. Connect the two existing routers and static route them to talk to each 
other.
Benefit: Cheap and simple
Drawback: Clients can reach each other's network. Unacceptable

2. Connect the two existing routers to a third router and restrict access 
between client networks in the "middle" network (where the MFP sits)
Benefit: Fairly cheap and simple
Drawback: Crude, but efficient, to quote Seven of Nine

3. Buy a pfSense appliance with 5 ports (or a computer with 5 ports)
Benefit: Great control, fewer units to supervise and definitely a more 
stable solution, also allows each network their own WAN
Drawback: Costly, and probably time-consuming since I've never done 
anything like it before

4. Use a mono appliance (or similar) with 3 ports and set up access rules
Benefit: Somewhat cheap, otherwise as example 3
Drawback: Networks will share WAN. Unacceptable

5. Install a printserver and enable IPP
No.
No.

I also found out a more or less slaying fact today. One of the WAN 
connections is actually tunneled with IPSEC to the customer's head office, 
and apparently I can't mess with that. Which means I can't change anything 
in that network. Which leaves me with the only choice I get: No 2 (as long 
as I can at least get into the IPSEC router and set up static routing 
rules). Unless I overlooked something.

> And for those of you who like internet history stuff, I can tell you a 
> policy routing horror story

Do tell!

/Daniel


