[ previous ] [ next ] [ threads ]
 From:  Aaron Robinson <aaron at robinson dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Routable IP setup - please help!
 Date:  Wed, 1 Oct 2003 13:39:01 -0700
Hello. I've used m0n0wall personally for a bit and like it. It runs 
great on my P133 with 32MB RAM. However I now have a larger project 
that I am trying to help with. I am new to routing and am sure I am 
asking a simple question.  If anyone has some recommended resources 
where I could learn more about what I'm asking, I would appreciate it.

I am trying to set up a network that will have routable IP's. I will 
have a block of 16 initially and more after I figure things out. It 
will be for internet access at the condominiums where I live. 
Unfortunately my experience with networks is limited and I have never 
used a network where I had more than 1 IP. The LAN portion has always 
been NAT'd.

What I am tying to figure out is how I would set up something like 
m0n0wall for routable IP addresses. Everything i've worked with in the 
past has been with NAT. I want to be able to assign people routable 
IP's via DHCP.  What would the m0n0wall LAN IP be? DO I use the 
m0n0wall computer as the "router" IP on all client machines? I'm not 
quite sure how I would direct all traffic through the m0n0wall.

Network topology is cat5 to all of the buildings and then HPNA into the 
units. The HPNA concentrator is essentially a switch where I can turn 
on/off units but not much more. There are 40 units total and our 
connection is a 1.1Mb SDSL line. DSL router is an Efficient Networks 
Speedstream model 5851.

	DSL router
         m0n0wall (not implemented yet)
    |          |          |          |
hpna1	        hpna2     hpna3      hpna4
|||||||     ||||||||  ||||||||   ||||||||
		individual 	units

So what I am looking to have it do is

1) Stop people from using certain ports (25 is one)
2) Limit bandwidth. (looks easy enough in the shaping. Are there 
3) Assign static DHCP addresses (seems easy)
4) Block people from putting multiple computers on without registering 
       - I don't care about someone with a box doing NAT....I just don't 
want people using up IP's. Can I prevent them from just putting in a 
good (for our network) but unused address? Or how would I prevent an IP 
to be assigned to someone who hasn't registered their IP? I don't want 
to have people sign in or anything...
5) Any suggestions on what we could/should do to make things more 
secure or operate more smoothly?

I don't want to NAT people since they will be paying for service. 
However we don't want to allow people to run mail servers etc. and 
perhaps should block a few well known p2p ports. This would be possible 
with routable IP's correct? Do I just leave NAT off? Will I be using 
static routes? I'm really not sure how this would look. If anyone was 
willing to share some knowledge to get me started in the right 
direction, I would appreciate it.

I can send beer :)