At 01:23 AM 8/18/2004, Joe Lagreca wrote:
>This is not really a technical question, but an implementation
>question (I hope that is still acceptable in this forum).
>I want to put different offices on my OPT1 interface and keep the
>different office separate from each other (ie. they can't see each
>My latest and greatest idea is to subnet OPT1 to /28 which will give
>each subnet/office 16 IP's (with a total capacity of 16
>offices/customers). However for ease of use, I want each subnet to
>have its own DHCP server and I don't believe m0n0 can offer DHCP for
>each subnet (please correct me if I'm wrong). I will assign each
>office the first IP in their subnet to their Linksys WRT54G LAN. Then
>turn on DHCP in their Linksys and set it to start assigning IP's from
>their second IP to their last IP for their subnet. That way any
>machine plugging into the Linksys router will automatically get an IP
>within its subnet.
>This idea will solve the problem of having to do a NAT behind a NAT.
>Each customer will only be behind my m0n0 NAT. If worst comes to
>worst and some of the companies require more than 16 IP's, they can
>plug their LAN connection into the WAN port of another router and have
>their own internal network (creating the undesirable NAT behind NAT,
>but giving them more address capacity).
>I want all traffic to pass through the m0n0 for multiple reasons. I
>want to be able to shape traffic, so no one customer can use all the
>bandwidth. I also want to be in control of protecting my customers
>(they are not tech savvy people and if I didn't protect them would be
>full of viruses within the first week). It will also allow me to
>monitor all traffic flowing in and out for troubleshooting purposes.
>Some of you are probably thinking "this guy is nuts" and I may be, but
>this is the best idea I have been able to come up with so far. I'm
>still in the design phase and would love to hear better ideas from
>others. Thanks for your input!
In order to talk to all the subnets, your OPT1 still needs to have the /24
mask. Otherwise, you'll only be talking to one of the subnets. Yes, the
machines in the individual offices will need to have the /28 mask. As for
the 16 x 16 addresses, you'll lose 2 per subnet so you'll really only have
14 x 16. Since it's on an internal interface that isn't really much of a
problem, just use a bigger mask on OPT1 and you can have as many as you
need. The only limiting factor is how much throughput can your hardware
handle. Personally, I'd kill the idea of assigning the Linksys to do
DHCP. That seems to be a real waste since I'd think most of the offices
would have some kind of server that could have DHCP loaded.
Whom computers would destroy, they must first drive mad.
Sleepy Dragon Enterprises
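
The addressing discussed in this thread, worked through as an added example (not code from either poster): it carves a /24 into /28 office subnets, assigns the first usable address to each office router with the rest as its DHCP pool, and checks which peers an interface treats as on-link under a /24 versus a /28 mask. The 192.168.10.0/24 block, the .254 address for OPT1 and the function names are assumptions; the thread names no addresses.

```python
import ipaddress

# Assumed address block for OPT1; the thread does not name one.
OPT1_NET = ipaddress.ip_network("192.168.10.0/24")

def office_plan(parent=OPT1_NET, new_prefix=28):
    """Carve the OPT1 block into per-office subnets.

    Per office: the first usable address goes to the office router's LAN
    side, the remaining usable addresses form that office's DHCP pool.
    """
    plan = []
    for index, subnet in enumerate(parent.subnets(new_prefix=new_prefix), start=1):
        hosts = list(subnet.hosts())  # network and broadcast addresses excluded
        plan.append({
            "office": index,
            "subnet": subnet,
            "router": hosts[0],
            "dhcp_start": hosts[1],
            "dhcp_end": hosts[-1],
            "usable": len(hosts),
        })
    return plan

def on_link(interface_cidr, peer):
    """True if `peer` lies inside the interface's own subnet, so the
    interface would address it directly rather than through a gateway."""
    iface = ipaddress.ip_interface(interface_cidr)
    return ipaddress.ip_address(peer) in iface.network

if __name__ == "__main__":
    for p in office_plan():
        print(f"office {p['office']:2}: {p['subnet']}  router {p['router']}  "
              f"DHCP {p['dhcp_start']}-{p['dhcp_end']}  ({p['usable']} usable)")
    peer = "192.168.10.18"  # constructed host in office 2
    # OPT1 with the /24 mask sees every office subnet as on-link.
    print("OPT1 /24 reaches", peer, "->", on_link("192.168.10.254/24", peer))
    # OPT1 with a /28 mask would only see its own slice.
    print("OPT1 /28 reaches", peer, "->", on_link("192.168.10.254/28", peer))
    # An office 1 host with the /28 mask treats office 2 as off-link.
    print("office 1 host /28 reaches", peer, "->", on_link("192.168.10.2/28", peer))
```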