View full version: Firewalling/bandwidth managing multiple public IP's



Byteripper
27-08-2006, 14:10
Hi guys,

After hours of reading and searching, I can't seem to find a solution for a problem I'm having.

I have multiple public IP addresses through my ISP, and would like to use these addresses on the clients in my network. Currently my network is configured like this:


                 +------------+        +------+      PC1 (IP: xxx.99.236.82, gateway xxx.99.236.81)
Internet <-----> |ADSL Gateway| <----> |Switch| ---> PC2 (IP: xxx.99.236.83, gateway xxx.99.236.81)
                 +------------+        +------+      PC3 (IP: xxx.99.236.84, gateway xxx.99.236.81)
                 IP: xxx.99.236.81
                 with DHCP server

The bad thing we see here is:
1) There is no firewall
2) We can't use bandwidth control

So, I would like to have this setup (also for wireless):


                 +------------+           +----+         +---------------+      PC1 (IP: xxx.99.236.83)
Internet <-----> |ADSL Gateway| <----> WAN|Asus|LAN<---> |Switch+wireless| ---> PC2 (IP: xxx.99.236.84)
                 +------------+           +----+         +---------------+      PC3 (IP: xxx.99.236.85)
                 IP: xxx.99.236.81        Firewalling
                 with DHCP server         Bandwidth mgmt
                                          IP: xxx.99.236.82

How can I do this on the Asus? I already installed the hacked firmware, and have several interfaces (eth0, eth1, br0). There are also two VLANs: vlan0 and vlan1. Shouldn't there be three interfaces? (WAN, LAN-hub (bridged) and wireless?) I think it's best to make a firewalling bridge between WAN on one side, and the LAN and wireless on the other side. How do I do this? And is it also possible to use bandwidth management between WAN <--> LAN and wireless when I have a bridge?

I really don't want to use NAT, but do want to take advantage of the advanced functions of the WL550gE.

Thanks in advance,

Byteripper.

Styno
28-08-2006, 08:24
I'm not into Linux firewalling, but I'm sure there are scripts available on the internet which can be used to build firewall rules. You can paste these rules into the post-firewall script (you need a custom firmware from Oleg for this to function).

Bandwidth management can be achieved by using Wondershaper (http://wl500g.info/showthread.php?t=752), also available in the custom firmwares from Oleg.

Byteripper
28-08-2006, 21:21
Hi Styno, thanks for your response.

I know I can use linux firewall scripts and the wondershaper script to do the firewalling and traffic shaping. Only thing I need to know is how to set up the routing in my network, because I won't use NAT. Should I use multiple subnets? Or ARP-proxying? Or maybe make a firewalling bridge or something? Also I don't know which one of these options are available in Oleg's firmware and how I can enable them.

Styno
29-08-2006, 11:09
Beats me :confused:

Sorry.
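
Added example, not part of the original thread and not taken from Oleg's firmware: one way to approach the routing question above without NAT is proxy ARP with per-host routes and a default-deny FORWARD chain. The script only prints the commands for review; the interface roles (vlan1 as WAN, br0 as LAN), the presence of `ip` and the iptables state match on the router, and the 192.0.2.x addresses (constructed stand-ins for the masked xxx.99.236.x range) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): emit the commands for a routed,
# NAT-free firewall that uses proxy ARP. Review the output, then pipe it to sh.
# Assumptions: the WAN interface already holds the router's own public address
# and default route; interface names and host addresses come from the caller.

# gen_rules WAN_IF LAN_IF HOST_IP...
gen_rules() {
    wan=$1; lan=$2; shift 2

    # Forward packets and answer ARP on behalf of hosts on the other side.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "echo 1 > /proc/sys/net/ipv4/conf/$wan/proxy_arp"
    echo "echo 1 > /proc/sys/net/ipv4/conf/$lan/proxy_arp"

    # Default-deny forwarding; only replies to existing flows pass freely.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    for host in "$@"; do
        # Host route: this public IP lives behind the LAN interface.
        echo "ip route add $host/32 dev $lan"
        # New outbound flows only from the address assigned to that PC.
        echo "iptables -A FORWARD -i $lan -o $wan -s $host -m state --state NEW -j ACCEPT"
    done

    # Unsolicited inbound traffic is logged, then dropped by the policy.
    echo "iptables -A FORWARD -i $wan -o $lan -j LOG --log-prefix 'FWD-IN-DROP '"
}

# Constructed sample call: three PCs, WAN=vlan1, LAN=br0 (both assumed).
gen_rules vlan1 br0 192.0.2.3 192.0.2.4 192.0.2.5
```

Because the PCs keep their public addresses and traffic is routed between two interfaces, no NAT rule is emitted.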