Hello all,
I'm soon going to move into a new house that has a true 100/100 Mbit fiber connection. I decided I want to make good use of the opportunity to rethink our home network with the future in mind. As the modem only allows one connection, i.e. a router, I'm strongly considering making this one of my own that runs m0n0wall, as long as that doesn't make things much more complicated than necessary without any benefits.
I will be running at least a handful of server applications, not all of which will necessarily be on the same machine. Games, web, and web radio are some I've hosted in the past and will continue to host. Additionally, I will run a NAS that will also be used to download files from the internet and store them for local use, to offload storage needs from my laptops and other machines.
I would like these to be close to the internet, especially game servers, to minimize lag and maximize throughput. Because I'm in a stage of experimenting with new things, these machines might sometimes be insecure. Additionally, these machines may generate a very large amount of throughput towards the internet thanks to the fiber connection.
In addition to all of this, there are all the home network devices. These include everyone's laptop for browsing and such, music devices, VoIP phones, smartphones, some more NAS boxes... My worries are that my server machines may be targets of outside attacks or such, and that when somebody manages to gain access to them, the entire home network with all personal information stored on it is exposed. More realistically, I worry that at times when the throughput between the servers and the internet is at a maximum, the slower parts of the LAN would be affected internally because of the massive amount of data travelling the lines. Not all of our devices are gigabit yet; some parts are still governed by 100 Mbit switches and for practical and financial reasons will probably remain that way.
I wonder if there is a way that I can put the server machines on one LAN and the home network on a second LAN, and have both connect to the internet through a single m0n0wall machine. The machine would then get 3 gigabit NICs on PCI Express. This way, if there is a security leak in a server only the servers can be affected (assuming the m0n0wall can't be hacked), the unknowing family members are not bothered with mentions of various server machines on their network, and if I happen to be downloading files at speeds of 100 Mbit/s, data transfers on the home LAN can remain unaffected.
Is this possible? The way I imagine it one NIC would use the 192.168/16 and run a DHCP service, the other might use 10/8 and just use static IPs (for the servers), but both would be connected to the internet through the same NAT and thus share the same public IP on NIC 3.
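As an added illustration (not part of the original post, and not m0n0wall's own code), here is a small Python model of the three-interface ruleset that the layout above implies: home LAN on 192.168/16, server LAN on 10/8, shared WAN, rules evaluated per ingress interface with first match winning and an implicit default block, as m0n0wall does. The forwarded game port and the sample hosts are constructed values; the point of the model is to check the isolation property (a compromised server can reach the internet but never the home LAN) before committing it to a real box.

```python
"""Model of the two-LAN m0n0wall layout: home on 192.168/16 (DHCP),
servers on 10/8 (static), one shared WAN. Per-interface first-match
rules with an implicit default block, as on m0n0wall. NAT is not modelled."""
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

HOME_NET = ip_network("192.168.0.0/16")    # family devices, DHCP
SERVER_NET = ip_network("10.0.0.0/8")      # server machines, static IPs
GAME_PORT = 27015                          # constructed example port forward

class Rule(NamedTuple):
    iface: str                  # interface the packet arrives on
    action: str                 # "pass" or "block"
    src: Optional[object]       # ip_network, or None for any source
    dst: Optional[object]       # ip_network, or None for any destination
    dport: Optional[int] = None # destination port, or None for any

RULES = [
    Rule("lan",  "pass",  HOME_NET,   None),       # home reaches everything (incl. servers, for admin)
    Rule("opt1", "block", SERVER_NET, HOME_NET),   # isolation: servers never initiate flows to home
    Rule("opt1", "pass",  SERVER_NET, None),       # servers reach the internet
    Rule("wan",  "pass",  None, SERVER_NET, GAME_PORT),  # inbound only to the forwarded game port
]

def ingress_iface(src):
    """Which interface a packet with this source address enters on."""
    if src in HOME_NET:
        return "lan"
    if src in SERVER_NET:
        return "opt1"
    return "wan"

def decide(src_ip, dst_ip, dport=None):
    """Return 'pass' or 'block' for a flow, using first-match per interface."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    iface = ingress_iface(src)
    for r in RULES:
        if r.iface != iface:
            continue
        if r.src is not None and src not in r.src:
            continue
        if r.dst is not None and dst not in r.dst:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "block"   # implicit default deny on every interface

def isolation_holds(server_hosts, home_hosts):
    """True if no modelled server host can initiate a flow to any home host."""
    return all(decide(s, h) == "block" for s in server_hosts for h in home_hosts)
```

Run `isolation_holds(["10.0.0.5", "10.0.0.6"], ["192.168.1.10", "192.168.2.20"])` to confirm the policy, and compare the result against the rule order on the real firewall's OPT1 interface.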