Re: [m0n0wall] How to subnet OPT1 and still offer DHCP for each subnet?

From:	Fred Wright <fw at well dot com>
To:	Monowall List <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] How to subnet OPT1 and still offer DHCP for each subnet?
Date:	Thu, 19 Aug 2004 14:55:32 -0700 (PDT)

On Wed, 18 Aug 2004, Melvin Backus wrote:

> No problem.  I should have figured there was a method to the madness as 
> they say.  In that case you're already requiring the Linksys, so go for 
> it.  As someone else already mentioned, there is a separate setting for 
> each optional interface for dhcp, but that would essentially require that 
> you have a separate interface for each office.  That is probably a good 
> choice if it's physically feasible, but on most hardware I'd expect that it 
> would require multiple NIC cards.  I don't know which if any of them are 
> supported.  That would be much more secure since it would prevent anyone 
> from sniffing packets on another subnet since they're no longer physically 
> connected.  It does however restrict how many subnets you could offer.  It 
> may be a reasonable solution though, and certainly worth investigating I 
> would think.  Assuming that you're charging these other offices for 
> connectivity, etc., any additional cost for the NICs and possibly different 
> hardware could easily be justified and passed along as required.

It also might be doable with VLANs, but don't count on VLANs for security.

					Fred Wright