Re: Multiple green networks

From: "R. W. Rodolico" <rodo@dailydata.net>
To: development@lists.ipfire.org
Subject: Re: Multiple green networks
Date: Mon, 09 Sep 2013 21:32:13 -0500	[thread overview]
Message-ID: <assp.0965e13d2c.522E84AD.8000902@dailydata.net> (raw)
In-Reply-To: <1378287730.21541.70.camel@rice-oxley.tremer.info>

[-- Attachment #1: Type: text/plain, Size: 2463 bytes --]

I agree that for most small businesses and individuals, having multiple
green networks is not necessary.

I came up with the idea when comparing IPFire to some other small/medium
business routers like the Juniper. With them, you just have a bunch of
ports, and you set up one or more ports to be LAN and one or more to be
'net, and one or more to be DMZ. I was wondering how difficult it would
be for IPFire, and it sounds like it would be very difficult.

Question: We already have this partially. I could create a blue and a
green, then set up rules between them. Correct? In many locations, they
don't use the blue interface. It seems if I set up Blue to automatically
allow connection (like the green does), ie find the code that restricts
access to the blue network unless specifically given, then remove that,
it would in essence be another green. Am I wrong?

Anyway, like I said, I was just thinking. I had to work with some
Juniper routers the other day and was intrigued by the idea.

Rod

On 09/04/2013 04:42 AM, Michael Tremer wrote:
> Hey,
> 
> sorry that I reply that late...
> 
> Extending IPFire to manage more LAN interfaces than just BLUE and GREEN
> is pretty hard to do if you want to use features like the DHCP server,
> DNS proxy and so on...
> 
> In most of the cases, people don't need multiple separate LAN segments.
> 
> So, the answer to your question is no, unless you want to do a lot of
> configuration on your own.
> 
> -Michael
> 
> On Wed, 2013-08-28 at 12:06 -0500, R. W. Rodolico wrote:
>> Does anyone know if we have the ability to run multiple green networks
>> on a router? I have a current situation where I need two LAN's I would
>> like to run off the same router. They should have no connections between
>> them (unless I set up a firewall rule).
>>
>> Is this possible?
>>
>> Oh, is this even the correct list to send this question to.
> 
> Support questions can also be posted on the forums, where more people
> are around and will reply much quicker.
> 
>>
>> Rod
>> _______________________________________________
>> Development mailing list
>> Development(a)lists.ipfire.org
>> http://lists.ipfire.org/mailman/listinfo/development
> 
> _______________________________________________
> Development mailing list
> Development(a)lists.ipfire.org
> http://lists.ipfire.org/mailman/listinfo/development
> 

-- 
R. W. "Rod" Rodolico
Daily Data, Inc.
POB 140465
Dallas TX 75214-0465
http://www.dailydata.net
214.827.2170

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: rodo.vcf --]
[-- Type: text/x-vcard, Size: 233 bytes --]

begin:vcard
fn:R. W. Rodolico
n:Rodolico;R. W.
org:Daily Data, Inc.
adr:;;POB 140465;Dallas;TX;75214-0465;US
email;internet:rodo@dailydata.net
title:President
tel;work:214.827.2170
url:http://www.dailydata.net
version:2.1
end:vcard