Firewall Wizards mailing list archives
Re: Is it possible to control access between clients on same LAN with a firewall?
From: Paul Melson <pmelson () gmail com>
Date: Tue, 26 Jan 2010 07:04:14 -0500
On Mon, Jan 25, 2010 at 11:21 AM, William Fitzgerald <wfitzgerald () 4c ucc ie> wrote:
> I was just wondering how people control access amongst machines on the same subnet (LAN) that are protected by the same firewall. In my case, the firewall is a home router (WRT54G) running DD-WRT, so iptables is the firewall there.
With DD-WRT you can assign a different VLAN to each interface of the router and then use iptables rules to manage traffic between devices. This requires either a high degree of customization of your router or the use of static IP addressing on some of the VLANs. Which for a home network may not be so bad.

Keep in mind that if you uplink other switches to the router, the firewall cannot protect two devices connected to that switch from each other. This also applies to wireless devices connected to the router.

The way I would solve this problem in a larger network would be to use the switching infrastructure to force communication to the router (firewall) and not allow local subnet communication. Cisco calls this Private VLANs, and they are great for use on DMZ networks where it's important that communication between hosts on that network be restricted and monitored. More on that here:

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml

PaulM
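
The per-port VLAN approach described in the message above, sketched as an added example that is not part of Paul Melson's post or the DD-WRT project: a default-deny FORWARD policy between VLAN interfaces with one explicit exception. The interface names (vlan1 as WAN, vlan2 to vlan4 as LAN ports), the addresses, the chain name and the allowed SSH flow are all assumptions.

```shell
#!/bin/sh
# Added example: default-deny forwarding between per-port VLANs.
# Assumed (not from the post): vlan1 is the WAN side, vlan2-vlan4 are one
# LAN port each, and the addresses and allowed flow below are constructed.
# Dry run by default (prints the commands); set IPT=iptables on the router.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-vlan1}"
LAN_IFS="${LAN_IFS:-vlan2 vlan3 vlan4}"
# Allowed inter-VLAN flows, one per word: in_if:out_if:src:dst:proto:dport
ALLOW="${ALLOW:-vlan2:vlan3:192.168.2.10:192.168.3.20:tcp:22}"

isolate_vlans() {
    # Create the chain, or flush it if it already exists (safe to re-run).
    $IPT -N lan_isolate 2>/dev/null || $IPT -F lan_isolate
    # Replies belonging to flows accepted below.
    $IPT -A lan_isolate -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Explicit exceptions between VLANs, matched on both address and port.
    for flow in $ALLOW; do
        old_ifs=$IFS; IFS=:
        set -- $flow
        IFS=$old_ifs
        $IPT -A lan_isolate -i "$1" -o "$2" -s "$3" -d "$4" \
            -p "$5" --dport "$6" -m state --state NEW -j ACCEPT
    done
    for src in $LAN_IFS; do
        # Every VLAN may still reach the WAN side.
        $IPT -A lan_isolate -i "$src" -o "$WAN_IF" -j ACCEPT
        # Anything else crossing from one LAN VLAN to another is dropped.
        for dst in $LAN_IFS; do
            [ "$src" = "$dst" ] || $IPT -A lan_isolate -i "$src" -o "$dst" -j DROP
        done
    done
    # Put the chain ahead of the router's existing FORWARD rules.
    $IPT -D FORWARD -j lan_isolate 2>/dev/null
    $IPT -I FORWARD -j lan_isolate
}

isolate_vlans
```

These rules only see traffic that is routed between VLAN interfaces; as the message notes, two hosts behind the same uplinked switch or on the same wireless segment never reach the FORWARD chain.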