Security Basics mailing list archives
Re: firewall on the same segment
From: Preston Newton <preston.newton () equipnetworks com>
Date: Wed, 10 Sep 2003 12:55:28 -0500
From what I have read, they are wanting you to block access to a server, 192.168.100.3, from all systems, including any local 192.168.100.xxx systems, except for a selected few, which I take it could be on the same local network segment.

One option, if they have an existing firewall, would be to move all servers to a DMZ, and then you can control all access to every server in the DMZ. Not sure if they'd want to do that. A second option would be to move only that one particular system to a DMZ. A third would be to set up FW software (iptables, for example) on the system itself. When you start having individual systems with FW software on them, that adds to the administration of the network. I'd opt for a centralized administration point.

The issue you have is exactly what you stated: they want to block even local segment traffic, which is not possible with the setup you currently have.

Preston

On Wed, 2003-09-10 at 01:08, Fernando Serto wrote:
Hi,

I always installed firewalls to prevent access from the internet to the internal network, or from one network to another, but I was asked to install a firewall ON the LAN, to deny access to a few boxes. For example, the network address is 192.168.100.0/24, the firewall's IP is 192.168.100.1, and I need to block access to a specific server whose IP is 192.168.100.3. I have to allow access only to a few users to this server.

Is it possible to deploy using iptables? At this company, they're using fwbuilder to administer the firewall. I tried to block access from 192.168.100.4 to 192.168.100.3, but I couldn't... I can only deny access to the IPs configured in the firewall.

Thanks in advance.

Cheers,
Fernando
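The third option in the reply above (filtering on 192.168.100.3 itself), sketched as an added example that is not part of the original thread. The allowed client addresses 192.168.100.10 and 192.168.100.11 and the function names `is_ipv4` and `gen_ruleset` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: default-deny INPUT policy for the protected server itself,
# emitted in iptables-restore format. ALLOWED holds constructed sample
# addresses; remember to include your own admin host in it.
SERVER=192.168.100.3                      # server from the thread
ALLOWED="192.168.100.10 192.168.100.11"   # constructed allow-list

# True only for a dotted-quad IPv4 address with octets 0-255, so a malformed
# allow-list entry can never be turned into extra rule text.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ruleset: $1 is the server address, the rest are allowed clients.
# Every address is validated before any output is produced.
gen_ruleset() {
    server=$1; shift
    is_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    for src in "$@"; do
        is_ipv4 "$src" || { echo "bad client address: $src" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for src in "$@"; do
        echo "-A INPUT -s $src -d $server -j ACCEPT"
    done
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "lan-deny: "'
    echo 'COMMIT'
}

gen_ruleset "$SERVER" $ALLOWED   # ALLOWED is left unquoted to split into words
```

To check the output before loading it, pipe it to `iptables-restore --test` as root on the server. The rules match source addresses, so they identify client machines rather than users.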