Thanks for your help.
It's very likely, with design you describe, that users complain because they are used to have direct access to Internet and may refuse any infrastructure that will bring potentially some control on what they do there
Of course, you seem to be completely right here. However there is one strange problem which is hard to get by. Bottleneck is the wrong word here.
First, my situation:
We are a chair at a university and I voluntarily manage the server. So I do not know about RFC1918, but we have the kind of IPs you can reach from everywhere and do not go through a NAT
Internet access for the chair members has highest priority here.
The problem:
I recently did a manual update from ebox 1.4 to Zentyal 2.0. Since then sometimes the internet connection for some users is broken. It worked fine with the ebox setup. It happens rather randomly, but here are the facts:
- It happens to windows 7 and XP machines
- about 3 times a day
- connection lost for secconds up to minutes
- the windows network interface gets the small yellow exclamation point
- one user who reported to have big problems, seemes to have solved it by disabling IPv6 on windows 7. I am trying this myself at the moment.
These problems are reportet to me. My personal experience:
- It happens every other day for a few seconds on my windows 7 machine.
- restarting the network interface solves the problem (the average knowledge about computers is not enough to expect everyone to do this)
- Strange firewall behavior:
http://forum.zentyal.org/index.php/topic,7797.msg31289.html#msg31289Server settings as I wrote bevore +
- Firewall is open for DNS in every thinkable way (still the reported drops on DNS port)
- Dansguardian on allways allow (to rule out a problem) and 1Gb cache
- When I turn on Dansguardian the free Ram can drop down to a few hundred megabytes
So I wanted to deal the public IPs to permanent chair members for whom a reliable connection is important, because I can not get by this problem.