Hmm, there should be an easier way... how do the commercial hotspots do that?
Like D-Link? They don't use VLANs and they don't require you to have a managed
switch either...
-----Original Message-----
From: Aaron Cherman [mailto:aaronc at morad dot ab dot ca]
Sent: Sunday, April 16, 2006 5:00 PM
To: Monowall Support List
Subject: Re: [m0n0wall] Bloking NetBios
----- Original Message -----
From: "Alex M" <radiussupport at lrcommunications dot net>
To: "Monowall Support List" <m0n0wall at lists dot m0n0 dot ch>
Sent: Sunday, April 16, 2006 2:00 PM
Subject: [m0n0wall] Bloking NetBios
> I was trying to hide every computer on the network so I set a rule for LAN to
> LAN to block ports UDP 137, 138 TCP 139, 445. I moved these rules to a
> higher priority than allow any to any, but all comps still can see each
> other, why? What should I do?
>
The rules only work on traffic that is passing through m0n0wall. If you
have your PCs connected to a switch before the m0n0wall then of course they
will see each other - the traffic never reaches or goes through m0n0wall.
LAN to LAN will not work because this local traffic does not pass through
the m0n0wall. If you want to do this you need to use VLANs or separate
physical interfaces for each PC. Another option is to use a managed switch
on which you can set up port segregation or port-based VLANs.
Aaron
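
The point made in the reply above, as an added example that is not part of the original thread: a host sends traffic for an address in its own subnet straight to the peer through the switch, so the block rule is only consulted once each PC sits in its own subnet (VLAN or separate interface) and the flow has to be routed. The host names and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# NetBIOS/SMB ports from the question's block rule (UDP 137, 138; TCP 139, 445).
BLOCKED = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}

def path(src_if, dst_ip):
    """Return 'switched' if dst is on-link for src (the frame goes host to host
    through the switch), or 'routed' if it must be handed to the gateway."""
    net = ipaddress.ip_interface(src_if).network
    return "switched" if ipaddress.ip_address(dst_ip) in net else "routed"

def verdict(src_if, dst_ip, proto, port):
    """Outcome for one flow, given that the firewall only sees routed traffic.
    Assumes the rule order from the question: block rules above allow any to any."""
    if path(src_if, dst_ip) == "switched":
        return "delivered (never reaches firewall)"
    return "blocked by firewall" if (proto, port) in BLOCKED else "passed by firewall"

# Constructed layouts: one flat LAN vs. one subnet per PC.
FLAT = {"pc1": "192.168.1.10/24", "pc2": "192.168.1.11/24"}
SEGREGATED = {"pc1": "192.168.10.10/24", "pc2": "192.168.20.10/24"}

def report(hosts, proto="tcp", port=445):
    """Evaluate every ordered host pair in a layout for one protocol/port."""
    out = {}
    for a, a_if in hosts.items():
        for b, b_if in hosts.items():
            if a != b:
                dst = str(ipaddress.ip_interface(b_if).ip)
                out[(a, b)] = verdict(a_if, dst, proto, port)
    return out

if __name__ == "__main__":
    for name, hosts in (("flat", FLAT), ("segregated", SEGREGATED)):
        for (a, b), v in report(hosts).items():
            print(f"{name:10} {a}->{b} tcp/445: {v}")
```
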