Post by cmutwiwa on May 27, 2015 11:45:34 GMT
Hi, I'm in the process of implementing this, so far it's all good and splits bandwidth as desired. However, I've another question: how do I restrict SmallWall to only two static LAN IPs? I have so far disabled DHCP and I'm only using static IPs. Can this be done with firewall rules?
Regards.
Post by Lee Sharp on May 27, 2015 14:50:39 GMT
Yes. Change the default rule to only apply to those IP addresses. A small subnet is probably best. A source network of 192.168.0.24/30 would give you 192.168.0.24-27, for example. With that as the default LAN rule, only those 4 IP addresses would get out. (Note, this is summary route notation, so the broadcast and network addresses are still usable)
Post by cmutwiwa on May 27, 2015 15:27:34 GMT
> Yes. Change the default rule to only apply to those IP addresses. A small subnet is probably best. A source network of 192.168.0.24/30 would give you 192.168.0.24-27, for example. With that as the default LAN rule, only those 4 IP addresses would get out. (Note, this is summary route notation, so the broadcast and network addresses are still usable)
Thanks Lee, will give it a try. I only need two IPs. I haven't tried installing another NIC so that I have two LANs yet, would that help too? Kindly explain the part in bold. Regards
Post by Lee Sharp on May 27, 2015 20:05:46 GMT
In a standard subnet (192.168.0.1 mask 255.255.255.0), the first address is the "network" (192.168.0.0). The last address is the broadcast address (192.168.0.255). Pinging the broadcast address pings every host on the subnet. You cannot use those addresses for devices. This is handy in networks.
But sometimes you need to talk about groups of networks (or sections of networks). In this case, we use the same terminology, but do not use network and broadcast in the same way.
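An added example, not part of the original posts: the difference between a block used as a firewall rule source (every address matches) and the same block used as a real subnet (network and broadcast excluded), plus a check of which extra addresses a rule would let out beyond the static IPs you intend. The two static addresses in the demo are constructed, and the function names are hypothetical.

```python
import ipaddress

def smallest_covering_block(addresses):
    """Smallest aligned CIDR block that contains every listed address."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    lo, hi = min(ips), max(ips)
    # Start with a /32 on the lowest address and widen one bit at a time.
    block = ipaddress.ip_network(f"{lo}/32")
    while hi not in block:
        block = block.supernet()
    return block

def rule_matches(source_network):
    """All addresses a rule with this source network matches.
    Used as a match pattern, the first and last addresses count too."""
    return [str(ip) for ip in ipaddress.ip_network(source_network)]

def subnet_hosts(subnet):
    """Addresses assignable to devices if the block were a real subnet."""
    return [str(ip) for ip in ipaddress.ip_network(subnet).hosts()]

def extra_allowed(addresses, source_network):
    """Addresses the rule permits that are not in the intended list."""
    wanted = {str(ipaddress.ip_address(a)) for a in addresses}
    return [ip for ip in rule_matches(source_network) if ip not in wanted]

if __name__ == "__main__":
    # Constructed sample: two static LAN hosts that should be allowed out.
    static_ips = ["192.168.0.25", "192.168.0.26"]
    block = smallest_covering_block(static_ips)
    print("rule source network:", block)
    print("rule matches       :", rule_matches(block))
    print("hosts if a subnet  :", subnet_hosts(block))
    print("also allowed out   :", extra_allowed(static_ips, block))
```

Choosing static IPs that sit on an aligned pair (for example .24 and .25) lets a /31 source network match exactly those two, with no extra addresses permitted.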
Post by cmutwiwa on Jun 20, 2015 10:17:48 GMT
Still working on improving my setup. Is it possible to have SmallWall give out two subnets on the LAN side without adding another NIC? (192.168.0.1 / 192.168.1.1) I'm thinking to add VLANs. Will this work? And if yes, will I still be able to allocate the bandwidth evenly to each?
Post by Lee Sharp on Jun 20, 2015 14:33:46 GMT
Yes. You can do it with VLANs (recommended) or with multi-netting (not recommended) if you want. You need a VLAN-capable switch to use VLANs...
But why do you believe you need to do this? It sounds like complexity for no benefit, unless I am missing something.
Post by cmutwiwa on Jun 22, 2015 5:16:19 GMT
Thanks Lee. I thought it would be much simpler than having to add another NIC, but I guess I will stick with my current setup.