 
 From:  Melvin Backus <melvin at sleepydragon dot net>
 To:  Robert Bialecki <robert at mpiwifi dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall Quiestion
 Date:  Wed, 26 Jan 2005 14:40:57 -0500
OK, think about it a little differently.  The WAN side of your m0n0, the 
internet, is like the water line in your house.  Your m0n0 box is a 
faucet.  All the LAN machines are in the bath tub, and m0n0 can control 
what gets into the tub, but how would you expect to keep the water in 
one part of the tub from mixing with another part?  If you create 
separate tubs, then you can do it, but in order to do that, you have 
created separate LANs.  VLANs might work if your equipment supports it, 
or multiple interfaces on m0n0 would support it, but each machine would 
have to be on a separate LAN, otherwise, they all get to see everything 
else.  By definition, only traffic which is on a different subnet goes 
to the gateway (m0n0).  Everything else goes directly from machine to 
machine.

 Robert Bialecki wrote:

> What about if the monowall LAN is a wireless AP? Then you should be able 
> to control traffic using monowall's firewall?
>
>
> ----- Original Message ----- From: "Peter Curran" 
> <lists at closeconsultants dot com>
> To: "Robert Bialecki" <robert at mpiwifi dot com>; <m0n0wall at lists dot m0n0 dot ch>
> Sent: Wednesday, January 26, 2005 12:11 PM
> Subject: Re: [m0n0wall] Firewall Quiestion
>
>
>> OK - I am on a roll and will give Chris a rest for tonight :-)
>>
>> On Wednesday 26 January 2005 18:43, Robert Bialecki wrote:
>>
>>> Hi,
>>>
>>> What rule should I use to stop communication between clients on the LAN?
>>> A client should only be able to go to the gateway (monowall) and not be
>>> able to communicate on any port with any other client on the LAN.
>>>
>> You can't.  If all your clients are on the same LAN then they can
>> chatter away to each other and there is not a damn thing m0n0wall can
>> do about it.
>>
>> In order to impose a security policy any firewall must be placed
>> between the communicating systems to filter the traffic.
>>
>> Peter
>>
>> -- 
>> ---------------------------------------------------------------------------- 
>>
>> Peter Curran   Leveraging Internet Technology
>> Close Consultants        for Businesses
>> p: +44-1225-463700
>> f: +44-1225-463705
>> e: peter at closeconsultants dot com
>> sip: peter at closeconsultants dot com
>


-- 
Melvin Backus
Principal Wizard
Sleepy Dragon Enterprises
--
Do not meddle in the affairs of dragons, for 
you are crunchy, and taste good with ketchup!
--
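
Added example, not part of the original messages: a small Python audit of an addressing plan that lists which client pairs deliver traffic directly (on-link) and therefore never pass the firewall. The host names, addresses and both plans are constructed, and the segmented plan assumes each subnet sits on its own VLAN or m0n0wall interface, as the reply above requires.

```python
import ipaddress
from itertools import permutations


def next_hop(src_if, dst_ip, gateway):
    """Sender's forwarding decision: 'direct' if dst is inside the
    sender's own subnet, otherwise the configured gateway address."""
    iface = ipaddress.ip_interface(src_if)
    dst = ipaddress.ip_address(dst_ip)
    return "direct" if dst in iface.network else gateway


def unfiltered_pairs(hosts):
    """hosts maps name -> (interface 'ip/prefix', gateway).
    Returns the (src, dst) pairs that are delivered machine to machine,
    i.e. traffic the gateway firewall never sees and cannot filter."""
    pairs = []
    for (a, (a_if, a_gw)), (b, (b_if, _)) in permutations(hosts.items(), 2):
        dst_ip = str(ipaddress.ip_interface(b_if).ip)
        if next_hop(a_if, dst_ip, a_gw) == "direct":
            pairs.append((a, b))
    return sorted(pairs)


# Constructed plan 1: every client shares one /24 behind the firewall.
FLAT = {
    "pc1": ("192.168.1.10/24", "192.168.1.1"),
    "pc2": ("192.168.1.11/24", "192.168.1.1"),
    "pc3": ("192.168.1.12/24", "192.168.1.1"),
}

# Constructed plan 2: one /30 per client (assumed: one VLAN or firewall
# interface each), so the only on-link neighbour is the firewall itself.
SEGMENTED = {
    "pc1": ("192.168.10.2/30", "192.168.10.1"),
    "pc2": ("192.168.20.2/30", "192.168.20.1"),
    "pc3": ("192.168.30.2/30", "192.168.30.1"),
}

if __name__ == "__main__":
    for label, plan in (("flat", FLAT), ("segmented", SEGMENTED)):
        bypass = unfiltered_pairs(plan)
        print(f"{label}: {len(bypass)} client pairs bypass the firewall")
        for src, dst in bypass:
            print(f"  {src} -> {dst}")
```

This models only the IP forwarding decision; giving clients different subnets on one shared layer-2 segment does not separate them, which is why the plan needs VLANs or separate interfaces.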