Topic: Traffic LAN is not being firewalled (Read 8849 times)
jmz, on Monday 26 November 2012, 03:42:05 am:
Hello,
I have installed Endian as a virtual machine under Proxmox. The idea is that Endian controls the traffic of all Virtual Machines.
It is a simple setup:
Internet-> Endian (Virtual Machine)->LAN (virtual machines)
Everything seems to work perfectly but one strange thing:
Endian is not controlling the traffic between Virtual Machines. I mean, if traffic leaves VM 192.168.0.16 with destination VM 192.168.0.17, Endian doesn't see that traffic, as packets go directly from 192.168.0.16 to 192.168.0.17 without passing through the gateway. So it is impossible to firewall the traffic INSIDE the LAN (Green zone). Any rule will be ignored, as traffic doesn't travel through the firewall.
What I want is that all traffic within the green zone must go through the Endian Gateway (192.168.0.15) before it arrives at its destination. In the example above it will be:
192.168.0.16 -> 192.168.0.1 -> 192.168.0.17
I don't know if this is the normal setup or if I have something misconfigured. But again, the rest of things are working perfectly.
How can I achieve what I am looking for?
Thanks.
vazromju, Reply #1 on Thursday 29 November 2012, 09:36:24 am:
Hi.
Let's see if I can help you.
Before doing layer 3 (IP addressing), the computers use layer 2.
So, when a machine wants to go from 192.168.0.17 to 192.168.0.16, it first uses layer 2 and says something like
"who has 192.168.0.16?", broadcasting to the network at layer 2.
This machine, .16, answers with its own MAC address "aa:bb:cc:00:11:22", which is directly reachable without crossing the firewall because it is in the same broadcast domain, and the layer 3 packet is delivered directly to this address.
I don't know Proxmox, but the only solution is creating a third network (orange or blue), and add the virtual machines to this network (.16) and a second network card to the EFW, connected to the orange or blue, and activating the inter-zone firewall.
As I have written before, I don't know Proxmox functionality; in fact it is the first time I have heard about it. But with VMware ESXi it is possible to do the second option I have explained to you; it works, and the ESXi hypervisor is free.
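The forwarding decision described in the reply above, as an added example that is not part of the original thread: a small audit that reports which VM-to-VM flows are addressed to the firewall and which are delivered on-link. The gateway 192.168.0.15 comes from the question; the second subnet 192.168.1.0/24, its gateway 192.168.1.15 and all function and variable names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    iface: ipaddress.IPv4Interface  # address plus prefix length
    gateway: ipaddress.IPv4Address  # default gateway (the firewall)


def host(name, cidr, gw):
    return Host(name, ipaddress.ip_interface(cidr), ipaddress.ip_address(gw))


def next_hop(src, dst_ip):
    """Address the sender resolves with ARP: the destination itself
    when it is inside the sender's own subnet, otherwise the gateway."""
    dst = ipaddress.ip_address(dst_ip)
    return dst if dst in src.iface.network else src.gateway


def firewall_sees(src, dst):
    """The firewall can filter a flow only if frames are sent to it."""
    return next_hop(src, dst.iface.ip) == src.gateway


def audit(hosts):
    """Map every ordered (src, dst) pair to True if the firewall sees it."""
    return {(a.name, b.name): firewall_sees(a, b)
            for a in hosts for b in hosts if a is not b}


# Layout from the question: both VMs in the green zone, same /24.
FLAT = [host("vm16", "192.168.0.16/24", "192.168.0.15"),
        host("vm17", "192.168.0.17/24", "192.168.0.15")]

# Constructed layout for the suggested fix: vm16 moved to a separate
# zone (assumed subnet 192.168.1.0/24, assumed gateway 192.168.1.15).
SPLIT = [host("vm16", "192.168.1.16/24", "192.168.1.15"),
         host("vm17", "192.168.0.17/24", "192.168.0.15")]

if __name__ == "__main__":
    for label, layout in (("flat", FLAT), ("split", SPLIT)):
        for (src, dst), seen in audit(layout).items():
            path = "via firewall" if seen else "on-link, bypasses firewall"
            print(f"{label}: {src} -> {dst}: {path}")
```

The result depends on each VM's own address and prefix length, so a VM left with a wider netmask after the split would still try to reach the other VM on-link instead of sending to the gateway.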