* Multiple green networks
@ 2013-08-28 17:06 R. W. Rodolico
2013-09-04 9:42 ` Michael Tremer
0 siblings, 1 reply; 4+ messages in thread
From: R. W. Rodolico @ 2013-08-28 17:06 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 453 bytes --]
Does anyone know if we have the ability to run multiple green networks
on a router? I have a current situation where I need two LAN's I would
like to run off the same router. They should have no connections between
them (unless I set up a firewall rule).
Is this possible?
Oh, is this even the correct list to send this question to.
Rod
--
R. W. "Rod" Rodolico
Daily Data, Inc.
POB 140465
Dallas TX 75214-0465
http://www.dailydata.net
214.827.2170
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: rodo.vcf --]
[-- Type: text/x-vcard, Size: 233 bytes --]
begin:vcard
fn:R. W. Rodolico
n:Rodolico;R. W.
org:Daily Data, Inc.
adr:;;POB 140465;Dallas;TX;75214-0465;US
email;internet:rodo@dailydata.net
title:President
tel;work:214.827.2170
url:http://www.dailydata.net
version:2.1
end:vcard
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Multiple green networks
2013-08-28 17:06 Multiple green networks R. W. Rodolico
@ 2013-09-04 9:42 ` Michael Tremer
2013-09-10 2:32 ` R. W. Rodolico
0 siblings, 1 reply; 4+ messages in thread
From: Michael Tremer @ 2013-09-04 9:42 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1082 bytes --]
Hey,
sorry that I reply that late...
Extending IPFire to manage more LAN interfaces than just BLUE and GREEN
is pretty hard to do if you want to use features like the DHCP server,
DNS proxy and so on...
In most of the cases, people don't need multiple separate LAN segments.
So, the answer to your question is no, unless you want to do a lot of
configuration on your own.
-Michael
On Wed, 2013-08-28 at 12:06 -0500, R. W. Rodolico wrote:
> Does anyone know if we have the ability to run multiple green networks
> on a router? I have a current situation where I need two LAN's I would
> like to run off the same router. They should have no connections between
> them (unless I set up a firewall rule).
>
> Is this possible?
>
> Oh, is this even the correct list to send this question to.
Support questions can also be posted on the forums, where more people
are around and will reply much quicker.
>
> Rod
> _______________________________________________
> Development mailing list
> Development(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Multiple green networks
2013-09-04 9:42 ` Michael Tremer
@ 2013-09-10 2:32 ` R. W. Rodolico
2013-09-11 21:38 ` Michael Tremer
0 siblings, 1 reply; 4+ messages in thread
From: R. W. Rodolico @ 2013-09-10 2:32 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2463 bytes --]
I agree that for most small businesses and individuals, having multiple
green networks is not necessary.
I came up with the idea when comparing IPFire to some other small/medium
business routers like the Juniper. With them, you just have a bunch of
ports, and you set up one or more ports to be LAN and one or more to be
'net, and one or more to be DMZ. I was wondering how difficult it would
be for IPFire, and it sounds like it would be very difficult.
Question: We already have this partially. I could create a blue and a
green, then set up rules between them. Correct? In many locations, they
don't use the blue interface. It seems if I set up Blue to automatically
allow connection (like the green does), ie find the code that restricts
access to the blue network unless specifically given, then remove that,
it would in essence be another green. Am I wrong?
Anyway, like I said, I was just thinking. I had to work with some
Juniper routers the other day and was intrigued by the idea.
Rod
On 09/04/2013 04:42 AM, Michael Tremer wrote:
> Hey,
>
> sorry that I reply that late...
>
> Extending IPFire to manage more LAN interfaces than just BLUE and GREEN
> is pretty hard to do if you want to use features like the DHCP server,
> DNS proxy and so on...
>
> In most of the cases, people don't need multiple separate LAN segments.
>
> So, the answer to your question is no, unless you want to do a lot of
> configuration on your own.
>
> -Michael
>
> On Wed, 2013-08-28 at 12:06 -0500, R. W. Rodolico wrote:
>> Does anyone know if we have the ability to run multiple green networks
>> on a router? I have a current situation where I need two LAN's I would
>> like to run off the same router. They should have no connections between
>> them (unless I set up a firewall rule).
>>
>> Is this possible?
>>
>> Oh, is this even the correct list to send this question to.
>
> Support questions can also be posted on the forums, where more people
> are around and will reply much quicker.
>
>>
>> Rod
>> _______________________________________________
>> Development mailing list
>> Development(a)lists.ipfire.org
>> http://lists.ipfire.org/mailman/listinfo/development
>
> _______________________________________________
> Development mailing list
> Development(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development
>
--
R. W. "Rod" Rodolico
Daily Data, Inc.
POB 140465
Dallas TX 75214-0465
http://www.dailydata.net
214.827.2170
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: rodo.vcf --]
[-- Type: text/x-vcard, Size: 233 bytes --]
begin:vcard
fn:R. W. Rodolico
n:Rodolico;R. W.
org:Daily Data, Inc.
adr:;;POB 140465;Dallas;TX;75214-0465;US
email;internet:rodo@dailydata.net
title:President
tel;work:214.827.2170
url:http://www.dailydata.net
version:2.1
end:vcard
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Multiple green networks
2013-09-10 2:32 ` R. W. Rodolico
@ 2013-09-11 21:38 ` Michael Tremer
0 siblings, 0 replies; 4+ messages in thread
From: Michael Tremer @ 2013-09-11 21:38 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3614 bytes --]
On Mon, 2013-09-09 at 21:32 -0500, R. W. Rodolico wrote:
> I agree that for most small businesses and individuals, having multiple
> green networks is not necessary.
>
> I came up with the idea when comparing IPFire to some other small/medium
> business routers like the Juniper. With them, you just have a bunch of
> ports, and you set up one or more ports to be LAN and one or more to be
> 'net, and one or more to be DMZ. I was wondering how difficult it would
> be for IPFire, and it sounds like it would be very difficult.
That is not very difficult to do. The limitation that keeps us from
doing that is the web user interface were almost anything is hardcoded.
Adding an additional zone or working with a variable number of zones
would require a complete rewrite (because modifying already existing
code will take much more time, I reckon).
The rewrite of the web user interface will happen with IPFire 3, but not
for IPFire 2 any more. There are also other limitations which require a
lot of work in almost every spot of the code (e.g. IPv6), so we don't
think it would be worth the time doing this for IPFire 2.
>
> Question: We already have this partially. I could create a blue and a
> green, then set up rules between them. Correct? In many locations, they
> don't use the blue interface. It seems if I set up Blue to automatically
> allow connection (like the green does), ie find the code that restricts
> access to the blue network unless specifically given, then remove that,
> it would in essence be another green. Am I wrong?
Yes, this would be essentially the same. Indeed configuring this will
become very easy with the new firewall GUI.
> Anyway, like I said, I was just thinking. I had to work with some
> Juniper routers the other day and was intrigued by the idea.
Sure. Keep these kinds of ideas coming. I am always happy to hear about
the your needs as a network admin. I won't promise anything, but it
helps me prioritizing my list of things I need to do.
-Michael
>
> Rod
>
> On 09/04/2013 04:42 AM, Michael Tremer wrote:
> > Hey,
> >
> > sorry that I reply that late...
> >
> > Extending IPFire to manage more LAN interfaces than just BLUE and GREEN
> > is pretty hard to do if you want to use features like the DHCP server,
> > DNS proxy and so on...
> >
> > In most of the cases, people don't need multiple separate LAN segments.
> >
> > So, the answer to your question is no, unless you want to do a lot of
> > configuration on your own.
> >
> > -Michael
> >
> > On Wed, 2013-08-28 at 12:06 -0500, R. W. Rodolico wrote:
> >> Does anyone know if we have the ability to run multiple green networks
> >> on a router? I have a current situation where I need two LAN's I would
> >> like to run off the same router. They should have no connections between
> >> them (unless I set up a firewall rule).
> >>
> >> Is this possible?
> >>
> >> Oh, is this even the correct list to send this question to.
> >
> > Support questions can also be posted on the forums, where more people
> > are around and will reply much quicker.
> >
> >>
> >> Rod
> >> _______________________________________________
> >> Development mailing list
> >> Development(a)lists.ipfire.org
> >> http://lists.ipfire.org/mailman/listinfo/development
> >
> > _______________________________________________
> > Development mailing list
> > Development(a)lists.ipfire.org
> > http://lists.ipfire.org/mailman/listinfo/development
> >
>
> _______________________________________________
> Development mailing list
> Development(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-09-11 21:38 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-08-28 17:06 Multiple green networks R. W. Rodolico
2013-09-04 9:42 ` Michael Tremer
2013-09-10 2:32 ` R. W. Rodolico
2013-09-11 21:38 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox