Security Basics mailing list archives
Re: firewall on the same segment
From: "Gabriel Orozco" <gabriel_orozco () mx sumida com>
Date: Wed, 10 Sep 2003 15:15:53 -0500
best way is to setup a bridge-firewall, where the firewall is acting like a bridge (layer 3) but sniffs packets (layer 4) and blocks those you tell it. with ipfw I have heard is very easy to do, in linux + iptables is also something used, but you need to activate a module and recompile the kernel to do that. other platforms I sincerelly don't know Regards ----- Original Message ----- From: "Fernando Serto" <fernando.serto () memetrics com> To: <security-basics () securityfocus com> Sent: Wednesday, September 10, 2003 1:08 AM Subject: firewall on the same segment
hi, I always installed firewalls to prevent access from internet to the
internal
network, or from one network to another, but I was asked to install a firewall ON the LAN, to deny access to a few boxes. for example, the
network
address is 192.168.100.0/24, firewall's ip is 192.168.100.1 and I need to block access to a specific server which ip is 192.168.100.3. I have to
allow
access only to a few users to this server. Is it possible to deploy using iptables? On this company, they're using fwbuilder to administer the firewall, I tried to block access from 192.168.100.4 to 192.168.100.3, but
I
couldn't... I can only deny access to the ips configured in the firewall. Thanks in advance. Cheers, Fernando --- Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.506 / Virus Database: 303 - Release Date: 1/08/2003 --------------------------------------------------------------------------
-
Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm --------------------------------------------------------------------------
--
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.516 / Virus Database: 313 - Release Date: 01/09/2003 --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- firewall on the same segment Fernando Serto (Sep 10)
- Re: firewall on the same segment irado furioso com tudo (Sep 10)
- Re: firewall on the same segment Sebastian Schneider (Sep 10)
- Re: firewall on the same segment Dana Epp (Sep 10)
- Re: firewall on the same segment Preston Newton (Sep 10)
- Re: firewall on the same segment Ansgar Wiechers (Sep 10)
- RE: firewall on the same segment David Gillett (Sep 10)
- Re: firewall on the same segment Gabriel Orozco (Sep 10)
- <Possible follow-ups>
- RE: firewall on the same segment LordInfidel (Sep 10)