Hi Falcor,

On Tue, 2004-03-02 at 15:09, Falcor wrote:
> Um, question. I have a VPN from one m0n0wall to another, works great.
> In testing out some ACLs to limit access from one network to the other
> (e.g. allow SSH to host 1, 2, 3, but no rules for hosts 4, 5, 6)
>
> I have the block rules in the firewall, under the LAN interface, but that
> did not work. I then tried the WAN interface and it did not work either. I am
> writing the rules based on the network range of the remote network.
>
> So:
>
> Local network is 192.168.100.0/24
> Remote network is 10.254.254.0/24
>
> Rules state:
> 1.) allow ICMP from 10.254.254.0/24 to 192.168.100.151
> 2.) Block all from 10.254.254.0/24 to *
>
> We have no blocking happening, as our test host on the 10.254.254.0/24
> network is able to access any and all TCP/UDP ports on all hosts.
>
> help!

A VPN is a Virtual Private Network. It securely connects two machines, networks, or a machine and a network together across an insecure medium, such as the Internet. Because the machines on each end of the VPN are effectively completely networked together, there's no functionality in any VPN I've seen to filter this traffic out - a network is a network. :)

If you want to limit access to particular machines, then the servers wishing the limited access need to have ACLs in place to only allow authorized machines to access their services - this is not the function of the VPN, per se.

--
Regards,

Hilton Travis                       Phone: +61-(0)7-3343-3889
Manager, Quark AudioVisual          Phone: +61-(0)419-792-394
Quark Computers                     http://www.QuarkAV.com/
(Brisbane, Australia)               http://www.QuarkAV.net/
Open Source Projects: http://www.ares-desktop.org/ http://www.mamboband.org/

Non Linear Video Editing Solutions & Digital Audio Workstations
Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
Conference and Seminar AudioVisual Production and Recording

War doesn't determine who is right. War determines who is left.
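As an added illustration, not code from the thread or from m0n0wall, the following models the two rules Falcor listed as an ordered, first-match ACL evaluated on the server side, where Hilton says the filtering belongs. The rule syntax, the `Rule` type and the default policy of "allow" for unmatched traffic are assumptions of this example; the addresses are the ones quoted above.

```python
"""Ordered first-match ACL check, host-side, using the thread's rule set.

Added example (not from the original mailing-list post). The two rules
are the ones Falcor quoted, applied as a host policy on 192.168.100.151
instead of on the m0n0wall LAN/WAN interfaces.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block" (assumed vocabulary)
    proto: str             # "icmp", "tcp", "udp" or "*" for any
    src: str               # source network in CIDR notation, or "*"
    dst: str               # destination host/network in CIDR, or "*"
    dport: Optional[int] = None   # destination port, None for any


# Constructed from the rules quoted in the thread.
RULES: List[Rule] = [
    Rule("allow", "icmp", "10.254.254.0/24", "192.168.100.151/32"),
    Rule("block", "*", "10.254.254.0/24", "*"),
]


def _in_net(addr: str, net: str) -> bool:
    """True if addr falls inside net ("*" matches everything)."""
    if net == "*":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)


def evaluate(rules: List[Rule], proto: str, src: str, dst: str,
             dport: Optional[int] = None, default: str = "allow") -> str:
    """Return the action of the first matching rule, else the default policy.

    Rules are checked top to bottom, as in a typical packet filter; a later
    rule never overrides an earlier match.
    """
    for r in rules:
        if r.proto not in ("*", proto):
            continue
        if not _in_net(src, r.src) or not _in_net(dst, r.dst):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return default


if __name__ == "__main__":
    # SSH from the remote subnet is blocked by rule 2; ping to .151 passes rule 1.
    print(evaluate(RULES, "tcp", "10.254.254.10", "192.168.100.151", 22))
    print(evaluate(RULES, "icmp", "10.254.254.10", "192.168.100.151"))
```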