Hello. I've used m0n0wall personally for a bit and like it. It runs
great on my P133 with 32MB RAM. However I now have a larger project
that I am trying to help with. I am new to routing and am sure I am
asking a simple question. If anyone has some recommended resources
where I could learn more about what I'm asking, I would appreciate it.
I am trying to set up a network that will have routable IP's. I will
have a block of 16 initially and more after I figure things out. It
will be for internet access at the condominiums where I live.
Unfortunately my experience with networks is limited and I have never
used a network where I had more than 1 IP. The LAN portion has always
been NAT'd.
What I am trying to figure out is how I would set up something like
m0n0wall for routable IP addresses. Everything I've worked with in the
past has been with NAT. I want to be able to assign people routable
IP's via DHCP. What would the m0n0wall LAN IP be? Do I use the
m0n0wall computer as the "router" IP on all client machines? I'm not
quite sure how I would direct all traffic through the m0n0wall.
Network topology is cat5 to all of the buildings and then HPNA into the
units. The HPNA concentrator is essentially a switch where I can turn
on/off units but not much more. There are 40 units total and our
connection is a 1.1Mb SDSL line. DSL router is an Efficient Networks
Speedstream model 5851.

                  ISP
                   |
               DSL router
                   |
     m0n0wall (not implemented yet)
                   |
                Switch
  -------------------------------------
   |          |          |          |
 hpna1      hpna2      hpna3      hpna4
|||||||   ||||||||   ||||||||   ||||||||
            individual units

So what I am looking to have it do is
1) Stop people from using certain ports (25 is one)
2) Limit bandwidth. (looks easy enough in the shaping. Are there
implications?)
3) Assign static DHCP addresses (seems easy)
4) Block people from putting multiple computers on without registering
them.
- I don't care about someone with a box doing NAT....I just don't
want people using up IP's. Can I prevent them from just putting in a
good (for our network) but unused address? Or how would I prevent an IP
to be assigned to someone who hasn't registered their IP? I don't want
to have people sign in or anything...
5) Any suggestions on what we could/should do to make things more
secure or operate more smoothly?
I don't want to NAT people since they will be paying for service.
However we don't want to allow people to run mail servers etc. and
perhaps should block a few well known p2p ports. This would be possible
with routable IP's correct? Do I just leave NAT off? Will I be using
static routes? I'm really not sure how this would look. If anyone was
willing to share some knowledge to get me started in the right
direction, I would appreciate it.
I can send beer :)
Thanks!
Aaron