Thread: 3 wan for 1 lan, 1 dmz and 1 wifi

  1. #1
    Join Date
    May 2008
    Location
    Switzerland
    Posts
    2

    3 wan for 1 lan, 1 dmz and 1 wifi

    Hello!
    I'm trying to have this kind of network :

    Code:
        .____________________________________________.
        |                                            |
        | .________________________________.      .--|-----|- W-Public
        | |      .___________________.     |      |  |
        |_|______|___________________|_____|______|__|
         | |    | |    | |    |X|   | |   | |    | |
        LOCAL   DMZ   MONIT   DEAD  WAN_1 WAN_2  WAN_3

    That is:
    - 3 virtual WAN interfaces (my ISP gives me 4 public IP via dhcp)

    - the first one (aka wan_1) is bridged on DMZ directly, without firewall or dhcp server (there's only ONE computer in DMZ, and this one should have wan_1 IP directly.)

    - the second one (aka wan_2) is bridged on LOCAL directly, without any firewall or dhcp (there will be a server just behind it, which will provide DNS, dhcp and other services for my LAN)

    - the third one (aka wan_3) is linked on wifi. wifi interface will have a dhcp, QoS and so on as it's a public access (and therefore NO link between this interface and dmz/lan will be provided)

    The MONIT interface should be the only one to provide a direct access through SSH on the asus... but it's a "bonus", if only LOCAL can access it it's nice too :->

    I tried to find doc, howto, forum threads, but no luck. After having flashed my asus-wl500gp 5 times having lost it, I think I can maybe ask for help

    So if anyone among you has an idea on how to do this.... or a doc link...

    Thanks in advance !

  2. #2
    Join Date
    Jul 2007
    Location
    Austria
    Posts
    1,336
    Well, you are talking about several virtual wan interfaces, but nothing about what they look like - e.g. one line or 4 lines.
    According to your drawing, I'm assuming you have 3 ethernet lines (wan), maybe to a switch and 1 line to your provider. You told us nothing about your kind of connection - dial in, bridge or something else.....

    -wan1: is just nothing, connect your device/pc directly to wan1, using dhcp
    -wan2: is just behind a nat (network address translation), usually your server should handle this (Local 192.168.x.y), if not possible use a simple router and connect to wan2 (dhcp)
    -wan3: is just a simple asus router or any other wireless device (dhcp)
    -MONIT: doesn't make any sense to me - access to what? Your network or any device or asus, what do you wanna do with ssh?

    hint: flashing firmware, doesn't mean to get a full configuration for a network. But to read something should solve any problem shortly.
    Have fun....

  3. #3
    Join Date
    May 2008
    Location
    Switzerland
    Posts
    2
    hi again!
    sorry, my schema wasn't really clear....

    I have only one wlan physical interface -> wan_1 wan_2 and wan_3 will be virtual interfaces.

    In fact, lan->wan is ok, I have a connection on it.
    I tried to put a dmz, but no luck : no internet on it.

    Here's what I have :
    Code:
    #### VLAN configuration 
    config switch eth0
    	#option vlan0	"1 2 3 4 5*"
    	#option vlan1	"0 5"
    	option vlan0	"1 2 3 5*"
    	option vlan1	"0 5"
    	option vlan2	"4 5"
    
    
    #### Loopback configuration
    config interface loopback
    	option ifname	"lo"
    	option proto	static
    	option ipaddr	127.0.0.1
    	option netmask	255.0.0.0
    
    
    #### LAN configuration
    config interface lan
    	option type 	bridge
    	option ifname	"eth0.0"
    	option proto	static
    	option ipaddr	192.168.1.1
    	option netmask	255.255.255.0
    
    #### WAN configuration
    config interface	wan
    	option type	bridge
    	option ifname	"eth0.1"
    	option proto	dhcp
    	
    #### DMZ configuration
    config interface	dmz
    	option type	bridge
    	option ifname	"eth0.2"
    	option proto	static
    	option ipaddr	10.10.0.1
    	option netmask	255.255.255.0

    Code:
    config dhcp
    	option interface	lan
    	option start 	100
    	option limit	150
    	option leasetime	12h
    
    config dhcp
    	option interface	dmz
    	option start		10
    	option limit		15
    	option leasetime	12h
    
    config dhcp
    	option interface	wan
    	option ignore	1

    My computer in dmz has an ip, in correct range.

    (final aim is that computers connected to my asus will have ISP IPs.)

    MONIT interface is to access asus, as I want it to be transparent and to be accessed only by this port. it's a physical ethernet port. but for now, it's a bonus, I want the rest to work first ^^'

    Regards

    C.

  4. #4
    Join Date
    Jul 2007
    Location
    Austria
    Posts
    1,336
    Anyway, your network config is not a usual one and maybe a very dangerous config.
    Use a switch and connect everything as written above.
    Consider that you can get up to 4 IPs from your ISP, hence it means you should have up to 4 devices requesting dhcp (clients).
    SSH on Asus is simple: use dropbear and any tutorial on how to install everything.
    Further, consider at any time that such an "open" config is a party for any hacker. And you must install firewalls, nats and more for each network or device. Why do you wanna have everything separated? Use port forwarding instead of an "open" network.
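
Added example, not part of any post in the thread: a firewall zone layout matching the routed `lan` / `wan` / `dmz` interfaces from post #3 (not the bridged design of post #1), so the DMZ can reach the Internet through NAT but cannot reach the LAN or the router's SSH. It assumes the zone-based `/etc/config/firewall` syntax of current OpenWrt releases, which may differ from the firmware used in the thread; the rule names are made up for illustration.

```conf
# /etc/config/firewall -- illustrative, zone-based syntax (assumption:
# the thread's firmware may use a different firewall config format).

config zone
	option name	lan
	list network	lan
	option input	ACCEPT		# router services, incl. SSH, from LAN only
	option output	ACCEPT
	option forward	REJECT

config zone
	option name	wan
	list network	wan
	option input	REJECT
	option output	ACCEPT
	option forward	REJECT
	option masq	1		# NAT for the private lan and dmz ranges

config zone
	option name	dmz
	list network	dmz
	option input	REJECT		# DMZ hosts cannot reach the router itself
	option output	ACCEPT
	option forward	REJECT

# Only these two forwardings exist: there is no dmz->lan and no wan->lan.
config forwarding
	option src	lan
	option dest	wan

config forwarding
	option src	dmz
	option dest	wan

# The router hands out DHCP leases and DNS on dmz, so open just those.
config rule
	option name	dmz-dhcp
	option src	dmz
	option proto	udp
	option dest_port	67
	option target	ACCEPT

config rule
	option name	dmz-dns
	option src	dmz
	option proto	'tcp udp'
	option dest_port	53
	option target	ACCEPT
```

A public wifi network would get its own zone built the same way as `dmz`, with a forwarding to `wan` only.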
