 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] network connection problem with an HP 2424M switch and m0n0wall
 Date:  Tue, 25 Jul 2006 12:27:08 -0400
On 7/25/06, Eugen Leitl <eugen at leitl dot org> wrote:
>
> I have an unrelated question:

As someone else said, don't hijack threads.  Whether your question is
related or not, it's never appropriate to throw a second question into
a thread.


> to 1) use the mini-ITX system to protect any system but the switch
> IP

Yes.  You can also protect the switch's IP by setting up a dedicated
management VLAN.  All decent switches support this.


> 2) by removing the VLANs I should be able to recover from a
> misconfigured or defective firewall.
>

No.  When you have VLANs, it's the same as having a bunch of
individual switches.  Different broadcast domains, and different IP
subnets on each.  If there isn't anything to route between them, your
network is dead.



> If I do the above, can I still do VLAN isolation of each
> individual host on the switch? (how?)
>

Depending on what kind of switch, you may be able to put all hosts in
a single VLAN and prevent them from talking to each other (google
PVLAN, and/or check out the docs for your switch).

-Chris