[ previous ] [ next ] [ threads ]
 
 From:  Joe Lagreca <lagreca at gmail dot com>
 To:  Melvin Backus <melvin at sleepydragon dot net>
 Cc:  Monowall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: Re: [m0n0wall] How to subnet OPT1 and still offer DHCP for each subnet?
 Date:  Wed, 18 Aug 2004 10:00:44 -0700 
After I posted this message to the group I thought of increasing the
subnet size to give each office more address.  I think I will do that.

I'm unclear on your suggestion about not having the linksys do DHCP. 
I don't really want the offices networks to be NAT behind a NAT.  So I
will do the NAT, and run it to the LAN of the offices.  I will then
turn DHCP on the LAN of the Linksys and it can assign the IP addresses
for the subnet I assign them.  I would love to have my m0n0 handle the
whole thing, but I dont see how m0n0 can assign DHCP to multiple
subnets.  If someone knows how to have m0n0 to handle DHCP for
multiple subnets I would love to hear your suggestion.

Thank you.

Joe


On Wed, 18 Aug 2004 06:06:31 -0400, Melvin Backus
<melvin at sleepydragon dot net> wrote:
> 
> 
> At 01:23 AM 8/18/2004, Joe Lagreca wrote:
> >This is not really a technical question, but an implementation
> >question (I hope that is still acceptable in this forum).
> >
> >I want to put different offices on my OPT1 interface and keep the
> >different office separate from each other (ie. they can't see each
> >other).
> >
> >My latest and greatest idea is to subnet OPT1 to /28 which will give
> >each subnet/office 16 IP's (with a total capacity of 16
> >offices/customers).  However for ease of use, I want each subnet to
> >have its own DHCP server and I don't believe m0n0 can offer DHCP for
> >each subnet (please correct me if I'm wrong).  I will assign each
> >office the first IP in their subnet to their Linksys WRT54G LAN.  Then
> >turn on DHCP in their Linksys and set it to start assigning IP's from
> >their second IP to their last IP for their subnet.  That way any
> >machine plugging into the Linksys router will automatically get an IP
> >within its subnet.
> >
> >This idea will solve the problen of having to do a NAT behind a NAT.
> >Each customer will only be behind my m0n0 NAT.  If worst comes to
> >worst and some of the companies require more than 16 IP's, they can
> >plug their LAN connection into the WAN port of another router and have
> >their own internal network (creating the undesireable NAT behind NAT,
> >but giving them more address capactiy).
> >
> >I want all traffic to pass through the m0n0 for multiple reasons.  I
> >want to be able to shape traffic, so no one customer can use all the
> >bandwidth.  I also want to be in control of protecting my customers
> >(they are not tech savvy people and if I didnt protect them would be
> >full of viruses within the first week).  It will also allow me to
> >monitor all traffic flowing in and out for troubleshooting purposes.
> >
> >Some of you are probably thinking "this guy is nuts" and I may be, but
> >this is the best idea I have been able to come up with so far.  I'm
> >still in the design phase and would love to hear better ideas from
> >others.  Thanks for your input!
> >
> >Joe
> 
> In order to talk to all the subnets, your OPT1 still needs to have the /24
> mask.  Otherwise, you'll only be talking to one of the subnets.  Yes, the
> machines in the individual offices will need to have the /28 mask.  As for
> the 16 x 16 addresses, you'll lose 2 per subnet so you'll really only have
> 14 x 16.  Since it's on an internal interface that's isn't really much of a
> problem, just use a bigger mask on OPT1 and you can have as many as you
> need.  The only limiting factor is how much throughput can your hardware
> handle.  Personally, I'd kill the idea of assigning the Linksys to do
> DHCP.  That seems to be a real waste since I'd think most of the offices
> would have some kind of server that could have DHCP loaded.
> 
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Whom computers would destroy, they must first drive mad.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> Melvin Backus
> Principal Wizard
> Sleepy Dragon Enterprises
> www.sleepydragon.net
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>