 From:  "Sean Waite" <swaite at sbn dash services dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Ideas for 2nd LAN security
 Date:  Tue, 27 Dec 2005 10:24:48 -0600
I am in the process of setting up a second LAN (Wireless) using m0n0wall to bridge them. The first is the regular local LAN, the second being just an access point to connect to one specific webserver within the first LAN.

I have done two different configs of m0n0wall, one allowing DNS and the other rejecting DNS. Ideally with the secure config we want to be able to connect to this specific internal webserver only. At the moment we can only access other computers on the first LAN by using the IP address. Same goes for accessing the internet.

Any ideas on how I could lock this down some more? One idea I had, since the WAN interface is static, I could set the gateway to use just the internal website's IP address. But as for blocking the first LAN, I would have to block whatever ports Windows uses for LAN communication which seems to be kind of difficult to narrow down.

One option could be to just block all ports above 80, but for some reason that seems a little too restrictive.

Any ideas or thoughts would be appreciated.


Sean Waite