 From:  Dave Warren <maillist at devilsplayground dot net>
 To:  Josh <josh at nemesis dot net>
 Cc:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Problem with deployment (timeout related)...
 Date:  Sat, 02 Oct 2004 03:21:35 -0600
Josh wrote:

>The other thing m0n0 would need (if I'm understanding the
>rulesets right) is having an outbound firewall rule for
>'WAN' instead of 'ANY' (i.e. to allow isolation between
>different OPT interfaces).  I would love to see this in the
>next beta as it would have other benefits as well.
>  
>
You could try a rule that drops traffic to 192.168/16 and/or 10/8 for 
your average multiple small-client installation, or replace the default 
"--> ANY" rule with a "!192.168/16", assuming you assign each client 
their own /16 (or whatever) and they're all from 192.168/8.

Agreed though, being able to enter a destination interface would be 
great (WAN especially, but I could see it being useful to have LAN and 
various OPT# interfaces available too).

Even without VLANs, m0n0wall would be ideal for this installation; if you 
were deploying some low-power PCs with 4-5 PCI quad-cards each, you 
could easily get 16-20 ports per router in PCs you picked up for free 
(okay okay, probably not what you'd want to base an ISP off of, but 
realistically, you could do a small installation reasonably reliably 
simply by testing the hardware upfront and having abundant hardware 
swapouts).

Assuming you were using 10Mb links to your various clients, you could 
probably run 15+ clients on a single 100Mb port and a low-end P2 
m0n0wall box.

-- 
God must love stupid people; He made so many.
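
An added example, not part of the original message: a minimal first-match model of the two rule variants suggested above, showing what each does to traffic between client networks. The /24 client subnet, the sample addresses, and the first-match/default-block evaluation are assumptions of this sketch, not m0n0wall's own code.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str           # "pass" or "block"
    dst: str              # destination network in CIDR form
    negate: bool = False  # True means "destination NOT in dst"

    def matches(self, dst_ip):
        inside = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
        return inside != self.negate

def evaluate(rules, dst_ip):
    """First matching rule wins; no match falls through to default block."""
    for rule in rules:
        if rule.matches(dst_ip):
            return rule.action
    return "block"

# Variant 1: the default allow-to-any rule replaced by "pass to !192.168/16".
NEGATED = [Rule("pass", "192.168.0.0/16", negate=True)]

# Variant 2: explicit drops for both private ranges ahead of the default pass.
DROP_FIRST = [
    Rule("block", "192.168.0.0/16"),
    Rule("block", "10.0.0.0/8"),
    Rule("pass", "0.0.0.0/0"),
]

# Constructed destinations, as seen from a client on 192.168.10.0/24.
SAMPLES = {
    "internet host": "198.51.100.7",
    "neighbouring client": "192.168.20.5",
    "firewall's own address on this interface": "192.168.10.1",
    "host in 10/8": "10.1.2.3",
}

def report(rules):
    """Verdict for every sample destination under the given rule list."""
    return {label: evaluate(rules, ip) for label, ip in SAMPLES.items()}

if __name__ == "__main__":
    for name, rules in (("negated", NEGATED), ("drop-first", DROP_FIRST)):
        for label, verdict in report(rules).items():
            print(f"{name:10} {label:42} {verdict}")
```

With only the negated 192.168/16 rule, destinations in 10/8 still pass, and the firewall's own address on the client interface falls to the default block along with the neighbouring clients.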