[fw-wiz] Is it possible to control access between clients on same LAN with a firewall?
- From: William Fitzgerald <wfitzgerald@xxxxxxxxx>
- Date: Mon, 25 Jan 2010 16:21:59 +0000
Dear all,
I was just wondering how people control access amongst machines on the same subnet (LAN) that are protected by the same firewall.
In my case, the firewall is a home router (WRT54G) running DD-WRT, so iptables is the firewall there.
Presumably as with all firewalls, once a packet is not being sent to the firewall itself or forwarded through the firewall towards another network, the firewall will not protect machines behind the firewall from each other. Perhaps as a result of the built-in switch, packets don't get up to layer 3 and so the firewall is oblivious to inter-LAN packet traffic.
It would be nice to be able to restrict some LAN clients from talking to each other, perhaps by layer 3 filtering. For example, it may make sense to prohibit the network printer from talking to a web server and vice versa.
Is there away to force/make it easier for the firewall to inspect inter-LAN packets. Perhaps examining packets at layer 2 could capture this.
I understand that one solution would be to install a local firewall on each machine.
This is just a general question, so that I might better understand the area of "inter-LAN" protection.
While it may be possible to have a firewall to not just protect traffic from Internet to LAN and LAN to Internet but also LAN to LAN, it may not be a practical thing to do.
Any comments or insights are welcomed.
regards,
Will.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- Follow-Ups:
- Re: [fw-wiz] Is it possible to control access between clients on same LAN with a firewall?
- From: pkc_mls
- Re: [fw-wiz] Is it possible to control access between clients on same LAN with a firewall?
- From: Paul D. Robertson
- Re: [fw-wiz] Is it possible to control access between clients on same LAN with a firewall?
- From: Will Brickles
- Re: [fw-wiz] Is it possible to control access between clients on same LAN with a firewall?
- From: K K
- Re: [fw-wiz] Is it possible to control access between clients on same LAN with a firewall?
- From: Paul Melson
- Re: [fw-wiz] Is it possible to control access between clients on same LAN with a firewall?
- From: Mark
- Re: [fw-wiz] Is it possible to control access between clients on same LAN with a firewall?
- From: Eric Gearhart
- Re: [fw-wiz] Is it possible to control access between clients on same LAN with a firewall?
- From: arvind doraiswamy
- Re: [fw-wiz] Is it possible to control access between clients on same LAN with a firewall?
- Prev by Date: Re: [fw-wiz] Juniper NSM and secure log forwarding
- Next by Date: Re: [fw-wiz] Is it possible to control access between clients on same LAN with a firewall?
- Previous by thread: [fw-wiz] Juniper NSM and secure log forwarding
- Next by thread: Re: [fw-wiz] Is it possible to control access between clients on same LAN with a firewall?
- Index(es):
Relevant Pages
|
