Security Basics mailing list archives

Re: firewall on the same segment


From: "Gabriel Orozco" <gabriel_orozco () mx sumida com>
Date: Wed, 10 Sep 2003 15:15:53 -0500

Best way is to set up a bridge-firewall, where the firewall is acting like a
bridge (layer 3) but sniffs packets (layer 4) and blocks those you tell it.

With ipfw I have heard it is very easy to do; in Linux + iptables it is also
something used, but you need to activate a module and recompile the kernel
to do that.

Other platforms I sincerely don't know.

Regards

----- Original Message -----
From: "Fernando Serto" <fernando.serto () memetrics com>
To: <security-basics () securityfocus com>
Sent: Wednesday, September 10, 2003 1:08 AM
Subject: firewall on the same segment


Hi,

I always installed firewalls to prevent access from internet to the internal
network, or from one network to another, but I was asked to install a
firewall ON the LAN, to deny access to a few boxes. For example, the network
address is 192.168.100.0/24, firewall's IP is 192.168.100.1 and I need to
block access to a specific server whose IP is 192.168.100.3. I have to allow
access only to a few users to this server. Is it possible to deploy using
iptables? At this company, they're using fwbuilder to administer the
firewall. I tried to block access from 192.168.100.4 to 192.168.100.3, but I
couldn't... I can only deny access to the IPs configured in the firewall.

Thanks in advance.

Cheers,
Fernando
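
Added example, not part of the original thread: a small Python model of why a rule on the firewall at 192.168.100.1 never sees traffic from 192.168.100.4 to 192.168.100.3, and what a bridge in front of the server can filter. It assumes the bridge sits between the switch and the protected server; the allowed client 192.168.100.10 and the off-LAN address 203.0.113.5 are constructed sample values, and only the inbound direction is modelled.

```python
import ipaddress

# Addresses taken from the thread.
LAN = ipaddress.ip_network("192.168.100.0/24")
FIREWALL = ipaddress.ip_address("192.168.100.1")
SERVER = ipaddress.ip_address("192.168.100.3")
# Constructed sample allow-list (not from the thread).
ALLOWED_CLIENTS = {ipaddress.ip_address("192.168.100.10")}


def next_hop(src, dst, network=LAN, gateway=FIREWALL):
    """Address the sender resolves with ARP: the destination itself when it is
    on the same subnet, otherwise the default gateway."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in network:
        raise ValueError(f"{src} is not on {network}")
    return dst if dst in network else gateway


def routed_firewall_sees(src, dst):
    """A firewall that is just another host on the LAN only receives packets
    for which it is the next hop, so only those can match its rules."""
    return next_hop(src, dst) == FIREWALL


def bridge_verdict(src, dst, protected=SERVER, allowed=ALLOWED_CLIENTS):
    """Inbound policy for a bridge placed in front of the protected server:
    every frame to the server crosses the bridge and can be filtered by
    source IP, even though sender and server share one subnet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst != protected:
        return "NOT_SEEN"  # traffic between other hosts never crosses the bridge
    return "ACCEPT" if src in allowed else "DROP"


if __name__ == "__main__":
    for s, d in [("192.168.100.4", "192.168.100.3"),
                 ("192.168.100.4", "192.168.100.1"),
                 ("192.168.100.4", "203.0.113.5")]:
        print(f"{s} -> {d}: routed firewall sees it: {routed_firewall_sees(s, d)}")
    for s in ("192.168.100.4", "192.168.100.10"):
        print(f"{s} -> {SERVER} via bridge: {bridge_verdict(s, SERVER)}")
```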


