Topic: restrict access between hierarchical networks (Read 12743 times)
dimicool
Jr. Member
Offline
Posts: 6
restrict access between hierarchical networks
« on: Friday 18 November 2011, 02:14:29 am »
I'm trying (but failing) to set up the following architecture:
I'll leave out the unimportant details.
I have a router A that's connected to the cable modem (192.168.1.1); this one feeds network A with IPs.
One of the PCs in that network (192.168.1.111, with 2 NICs) has a Virtual Machine (this makes the whole thing tricky) running with Endian.
This Endian (router B) (10.1.1.1 on GREEN and 192.168.200 on RED) feeds a subsidiary network.
Now, by default, PCs like 192.168.1.200 can access PCs like 10.1.1.200 and vice versa.
This is what I want to change. Ideally, I would like 10.1.1.200 to connect/see/browse 192.168.1.200 but NOT the other way around.
Is this possible?
If not, how can I (simply) block both ways?
Thanks to the network gurus for any advice!!
grtz,
mrkroket
Hero Member
Offline
Posts: 495
Re: restrict one-way access between networks
« Reply #1 on: Friday 18 November 2011, 02:55:13 am »
By creating rules on the outgoing firewall you can allow one-way traffic from GREEN to RED. It's more difficult creating rules from RED to GREEN, and I don't recommend them for that setup.
Endian rules are one-way rules. This means you can allow some traffic in one direction, but not the opposite.
I.e., you have a web server (TCP port 80) on the ORANGE zone, and you want your ppl at the GREEN zone to be able to use it.
Simply create a rule with source GREEN, dest ORANGE, allowing TCP port 80.
The web server can't reach the clients (as it's on the ORANGE zone), but the clients can use the web server.
Just search for the ports you need to use, and create the correct rules.
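An added example, not from this thread or from Endian's own code, modelling the one-way rule behaviour described in the reply above with a minimal stateful filter: a single rule admitting NEW flows from GREEN to RED lets the reply packets of such a flow back in, while a connection opened from RED toward GREEN matches no rule and is dropped. The zone subnets (10.1.1.0/24 for GREEN, 192.168.1.0/24 for RED) are taken from the thread's addresses; TCP 445 (SMB file sharing) as the allowed service is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed zone subnets, taken from the addresses used in this thread.
ZONES = {
    "GREEN": ip_network("10.1.1.0/24"),
    "RED": ip_network("192.168.1.0/24"),
}

# Rules admitting NEW flows: (source zone, destination zone, protocol, destination port).
# Deliberately one-directional, like an Endian outgoing firewall rule. SMB (TCP 445) is assumed.
RULES = [("GREEN", "RED", "tcp", 445)]


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "UNKNOWN")


class StatefulFirewall:
    """A flow admitted by a rule is remembered; later packets of that flow pass both ways."""

    def __init__(self, rules):
        self.rules = rules
        self.conntrack: set[tuple] = set()

    def decide(self, pkt: Packet) -> str:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if flow in self.conntrack or reply in self.conntrack:
            return "ACCEPT"  # ESTABLISHED: part of an already admitted flow
        for src_zone, dst_zone, proto, dport in self.rules:
            if (zone_of(pkt.src), zone_of(pkt.dst), pkt.proto, pkt.dport) == (src_zone, dst_zone, proto, dport):
                self.conntrack.add(flow)  # NEW flow matched a rule
                return "ACCEPT"
        return "DROP"  # default deny: nothing RED initiates toward GREEN matches


def demo() -> list[str]:
    fw = StatefulFirewall(RULES)
    return [
        fw.decide(Packet("10.1.1.200", 51000, "192.168.1.200", 445)),  # GREEN opens SMB to RED
        fw.decide(Packet("192.168.1.200", 445, "10.1.1.200", 51000)),  # RED's reply on that flow
        fw.decide(Packet("192.168.1.200", 52000, "10.1.1.200", 445)),  # RED opens SMB to GREEN
    ]
```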
dimicool
Jr. Member
Offline
Posts: 6
Re: restrict one-way access between networks
« Reply #2 on: Friday 18 November 2011, 03:02:54 am »
Thanks for your reply, I'm trying to take in your suggestions...
However,
- I don't have ORANGE (can't choose it)
- I am not talking about HTTP on 80 but real file/network access.
I really could use some guidance; it has been a long time, and I'm honestly a bit confused by the fact that the Endian isn't a real machine...
The Windows box (host of the Endian VM) has the 2 NICs, each of them has an IP.
What I'm also confused about is that from the 192.168.1.1 point of view the Win box has IP 192.168.1.111, but the RED on Endian has 192.168.1.200.
dimicool
Jr. Member
Offline
Posts: 6
Re: restrict one-way access between networks
« Reply #3 on: Saturday 19 November 2011, 12:12:49 am »
I'm still struggling with this...
I made a simple draft of how the setup looks...
I made it difficult by putting the Endian in a VM inside a server with 2 NICs (but that's the only way).
To my surprise, the host (Windows) can also use the 10.1.1.1 IP; because of this it can access the PCs in group B.
The goal is to restrict access between network A and network B.
Thanks for any tips!!!
mrkroket
Hero Member
Offline
Posts: 495
Re: restrict access between hierarchical networks
« Reply #4 on: Saturday 19 November 2011, 03:56:11 am »
Computers in group A can't access computers in group B, as they are on the RED zone.
Depending on your rules, A can reach B.
If the host can access B, it's because you added it to B. It probably has some NIC with an IP of subnet B. Remember that VM hosts don't need to be on the same subnets as guest machines. You can perfectly well remove the IP of subnet B on the host, and your guest keeps working.
dimicool
Jr. Member
Offline
Posts: 6
Re: restrict access between hierarchical networks
« Reply #5 on: Monday 21 November 2011, 11:25:46 pm »
Just an update in case one would think that silence == solution... I still didn't resolve this.
I can't get my head around it, and the more I fiddle the more I mess up.
btw, PCs in group A CAN access group B (to my surprise).
I'm sure it's a subnet config issue somewhere...