 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Aaron <lists at mycommunitynet dot net>
 Cc:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Some network configuration help
 Date:  Sat, 2 Oct 2004 23:55:51 -0400
On Sat, 2 Oct 2004 19:44:26 -0700, Aaron <lists at mycommunitynet dot net> wrote:
> I would like to figure out the best way to
> 1) Provide NAT'd IPs (I think what I am doing is fine)

What you're doing is fine there.  If you need more accountability
(i.e. if somebody abuses their connection, you'll know who did it), go
with 1:1 NAT on everything.  You could use outbound NAT and DHCP
reservations to split your customers into pools per public IP.  Then
if you have a problem, you at least have a better idea who did it, but
no certainty.

> 2) Provide public IP addresses to some customers (1:1 or snat?)

Use 1:1 NAT for that.  Make sure you assign a DHCP reservation to the
LAN IP address.  Otherwise some other machine could pick up that IP
from DHCP and would have that 1:1 mapping.

> 3) Be able to view the DSL Modem statistics by going to its web
> configuration page.
>         - DSL Modem is bridged, but can be reached on an ethernet
> port.

That should work if you turn off block private networks on the WAN
interface page.

> 4) What if anything should I use OPT1/DMZ for?

You could segregate some of your customers onto a separate interface.
That way they couldn't talk to each other's machines, which could be a
major security issue for them if they don't use appropriate
firewalling.  You could also use VLANs if you have a capable switch,
and put each customer on their own VLAN and don't route between them.
That'd be the ideal setup.

> P.S. If anyone is curious, I am scrapping my 1.1/1.1 SDSL provider in
> favor of ADSL. The SDSL has a nasty feature of getting very high ping
> times when it is < 50% loaded. Pings will go to 200-400ms to the dsl
> gateway even with traffic shaping. The ADSL 3/768 is slower upstream,
> but I can pull or push near the max bandwidth and pings remain fairly
> stable.

When < 50% loaded?  I'm guessing you mean > 50%.  That sounds like a
cruddy ISP; sounds like you aren't getting what you're paying for.
The ADSL should have issues with load (on upload) more than SDSL,
since ADSL is asynchronous.  Fill your upload and your latency is
going to be 200-800+ ms.  Traffic shaping will help that.
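The pitfall Chris points out for 1:1 NAT (an internal address with no DHCP reservation can be leased to any other machine, which then inherits the public mapping) is easy to audit mechanically. The script below is an added example, not part of the thread or of m0n0wall itself; it parses a constructed config fragment whose element layout (dhcpd/lan/range, dhcpd/lan/staticmap, nat/onetoone) is assumed to resemble m0n0wall's config.xml, and flags 1:1 mappings whose internal IP either has no reservation or sits inside the dynamic pool.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed m0n0wall-style config fragment (assumed layout, not a real config).
# 192.168.1.10 is reserved and outside the pool: fine.
# 192.168.1.11 has a 1:1 mapping but no reservation: any DHCP client could get it.
# 192.168.1.150 is reserved but inside the dynamic pool: still risky.
SAMPLE_CONFIG = """<m0n0wall>
  <dhcpd>
    <lan>
      <range><from>192.168.1.100</from><to>192.168.1.199</to></range>
      <staticmap><mac>00:11:22:33:44:55</mac><ipaddr>192.168.1.10</ipaddr></staticmap>
      <staticmap><mac>00:11:22:33:44:66</mac><ipaddr>192.168.1.150</ipaddr></staticmap>
    </lan>
  </dhcpd>
  <nat>
    <onetoone><external>203.0.113.10</external><internal>192.168.1.10</internal></onetoone>
    <onetoone><external>203.0.113.11</external><internal>192.168.1.11</internal></onetoone>
    <onetoone><external>203.0.113.12</external><internal>192.168.1.150</internal></onetoone>
  </nat>
</m0n0wall>"""


def audit_onetoone(config_xml):
    """Return [(internal_ip, problem)] for 1:1 NAT targets that are not safely pinned.

    A 1:1 mapping only means anything if the internal address is guaranteed to
    belong to the intended customer host; that requires a DHCP reservation for
    that address, and the address must not overlap the dynamic pool.
    """
    root = ET.fromstring(config_xml)
    lan = root.find("dhcpd/lan")
    pool_from = ipaddress.ip_address(lan.findtext("range/from"))
    pool_to = ipaddress.ip_address(lan.findtext("range/to"))
    reserved = {s.findtext("ipaddr") for s in lan.findall("staticmap")}

    findings = []
    for mapping in root.findall("nat/onetoone"):
        internal = mapping.findtext("internal")
        if internal not in reserved:
            findings.append((internal, "no DHCP reservation"))
            continue
        if pool_from <= ipaddress.ip_address(internal) <= pool_to:
            findings.append((internal, "reservation inside dynamic pool"))
    return findings


if __name__ == "__main__":
    for ip, problem in audit_onetoone(SAMPLE_CONFIG):
        print(f"{ip}: {problem}")
```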