This is for anyone out there that knows a little networking wizardry ;)
On my campus, connections to the outside world are .... weak, to say the least. Gaming is truely horrid (pings, lag, choke, etc) To solve the problem, some of us have decided to pitch together to get a single cable modem hooked up in a residence room. We want to share out that cable modem amongst maybe 5 to 6 different people who throw cash into the project.
We've got a P-200 with 96 megs of RAM and a pair of NICs we're going to use to run this operation. Basically, here's what we want to do:
Have the interface pointed at the campus only
accept VPN connections from the allowed users.
Bandwidth throttle the VPN users so that everyone gets good gaming pings (the main issue at hand on our campus)
Connect to the cable modem using DHCP (just like normal)
Not introduce traffic from the "big bad Internet" to our campus subnet
So on the campus interface, only VPN traffic will go in and out - we don't want the VPN users getting the campus internet connection over VPN. Then on the cable modem interface, we'd want unrestricted outbound traffic and filtered inbound traffic (so we wouldn't have people being seeds for bittorrent etc.)
Looking around at things like IPCop and SmoothWall, just about everything seems to be geared towards the "Red and Green" interface idea. What we need is kind of a .... pink and purple interface scenario - it doesn't neatly fall into any packages. So far, we can't seem to use IPCop or SmoothWall because we need two interfaces that get IPs over DHCP (the campus IP needs to be fed via DHCP). So could somebody here enlighten me on the path of manual configuration? What sort of IP tables rules would be needed to keep the traffic streams seperate, and where would I look for the configuration of VPN? One issue I'm wondering about is the assignment of "virtual" IPs to the VPN users - the cable NIC will get an IP via the ISP, but what IPs get assigned will get assigned to the users? Will we have a "magical make-believe subnet" which is neither global nor campus, and just have that subnet get access to the "real world"?
Any help greatly appreciated