[ previous ] [ next ] [ threads ]
 
 From:  =?ISO-8859-1?Q?Hernan_Gonz=E1lez_-_Wizardes=2Ecom_?= <hard dot wizard at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: FW: [m0n0wall] Browse neighbourghood
 Date:  Thu, 26 May 2005 10:38:12 -0300 
Ok thats graeat , everything is clear now, thanks a lot .I hope I could help 
you anytime. Greetings from Argentina... bye

2005/5/26, Dennis Hoshield <dhosh at gaslightmedia dot com>: 
> 
> No problem
> 
> AP users would be able to see other AP users (I suppose this is up to how
> the AP is configured, and it's abilities), but AP users wouldn't be able 
> to
> see non-AP users. Kind of the same idea ... AP users are AP users before
> they get to the switch, so the switch can't do anything about it, managed 
> or
> not.
> 
> I can't say much about Squid, I've not set one up. I would think that if 
> it
> is a proxy server, it has 2 ethernets? One connected to the m0n0wall, and
> one connected to a switchport, that is a member of all the VLANS that you
> want to allow to go out to the Internet, using the proxy service.
> 
> Dennis
> 
> 
> Thanks a lot guys, you are very kind answering so quick. good to build a
> "community" like this.
> does this also apply for the AP ?? I mean if I do a VLAN preventing user 
> not
> 
> to see each other thorugh the switch , the ones connected to the AP will 
> not
> 
> see each other as well??
> One more , one FreeBSD I am running a Squid Proxy Web Cache, would they be
> able to cache their pages even when they are in the VLAN? Thans again ...
> 
> 2005/5/26, Dennis Hoshield <dhosh at gaslightmedia dot com>:
> >
> >
> > Hi, Hernan ...
> >
> > If the PC's are all connected together via a switch, then m0n0wall is 
> kind
> > of out of the picture as far as PC's seeing each other (or not). You 
> would
> > need to replace your switch with a managed switch, capable of at least
> > port
> > based VLANS. This effectively puts each port on an isolated segment. 
> They
> > can still see 'out' (to the m0n0wall), but can no longer see each other.
> > If
> > you do end up having a few that need to see each other in the future, 
> you
> > could put them on the same VLAN at the time. Easy to configure ..
> > especially the port based VLANS. We've used a (relatively) inexpensive
> > D-Link DES3226L for this. I think they were around $300.
> >
> > As it looks like you are laid out now, the 'view-ability' is inherent in
> > the
> > switch, before the packets reach the m0n0wall, so anything you do there
> > would have no effect.
> >
> > Good luck,
> > Dennis
> >
> > -----Original Message-----
> > From: Hernan González - Wizardes.com <http://Wizardes.com> <
> http://Wizardes.com> [mailto:
> > hard dot wizard at gmail dot com]
> > Sent: Thursday, May 26, 2005 8:31 AM
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: [m0n0wall] Browse neighbourghood
> >
> > Hi everyone:
> > I have m0n0wall as firewall + NAT for a 12 PC network connected through 
> a
> > switch + AP
> > Internet---m0n0wall-------switch----- PCs (192.168.1.X) + FreeBSD
> > |
> > AP (192.168.1.X)
> > But I need users not to see any other PC,on the network, the switch is a
> > cheap 3Com switch, any idea?? thanks a lot
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
> 
> --
> Tel/Fax : +54-11-4711-9146
> MSN : wizardhard at hotmail dot com
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> 


-- 
Tel/Fax : +54-11-4711-9146
MSN : wizardhard at hotmail dot com