 From:  "Dennis Hoshield" <dhosh at gaslightmedia dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: FW: [m0n0wall] Browse neighbourghood
 Date:  Thu, 26 May 2005 09:15:36 -0400
No problem

AP users would be able to see other AP users (I suppose this is up to how
the AP is configured, and its abilities), but AP users wouldn't be able to
see non-AP users.  Kind of the same idea ... AP users are AP users before
they get to the switch, so the switch can't do anything about it, managed or

I can't say much about Squid, I've not set one up.  I would think that if it
is a proxy server, it has 2 ethernets?  One connected to the m0n0wall, and
one connected to a switchport, that is a member of all the VLANS that you
want to allow to go out to the Internet, using the proxy service.


Thanks a lot guys, you are very kind answering so quickly. Good to build a
"community" like this.
Does this also apply to the AP? I mean, if I set up a VLAN preventing users
from seeing each other through the switch, will the ones connected to the AP
not see each other as well?
One more: on FreeBSD I am running a Squid Proxy Web Cache; would they be
able to cache their pages even when they are in the VLAN? Thanks again ...

 2005/5/26, Dennis Hoshield <dhosh at gaslightmedia dot com>: 
> Hi, Hernan ...
> If the PC's are all connected together via a switch, then m0n0wall is kind
> of out of the picture as far as PC's seeing each other (or not). You would
> need to replace your switch with a managed switch, capable of at least
> port based VLANS. This effectively puts each port on an isolated segment.
> They can still see 'out' (to the m0n0wall), but can no longer see each
> other. If you do end up having a few that need to see each other in the
> future, you could put them on the same VLAN at the time. Easy to
> configure .. especially the port based VLANS. We've used a (relatively)
> inexpensive D-Link DES3226L for this. I think they were around $300.
> As it looks like you are laid out now, the 'view-ability' is inherent in
> the switch, before the packets reach the m0n0wall, so anything you do
> there would have no effect.
> Good luck,
> Dennis
> -----Original Message-----
> From: Hernan González - Wizardes.com <http://Wizardes.com> [mailto:
> hard dot wizard at gmail dot com]
> Sent: Thursday, May 26, 2005 8:31 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Browse neighbourghood
> Hi everyone:
> I have m0n0wall as firewall + NAT for a 12 PC network connected through a
> switch + AP
> Internet---m0n0wall-------switch----- PCs (192.168.1.X) + FreeBSD
> |
> AP (192.168.1.X)
> But I need users not to see any other PC on the network. The switch is a
> cheap 3Com switch. Any idea? Thanks a lot

Tel/Fax : +54-11-4711-9146
MSN : wizardhard at hotmail dot com