Re: Router security issue



On Oct 23, 2:27 am, meow2...@xxxxxxxxx wrote:
Hi

I've just found this group, and I hope you can help me figure this
out. I want to set up a router with a firewall so that it's not possible
for a handful of computers all connected to DSL to see each other,
even if one tries to do something naughty.

Although I'm au fait with Windows, networking is one area I've had little
experience with.

The end user machines will be assorted specs and OSes, mostly Win 98/XP/Vista.
The network is all Cat5e wired, with cable internet.

thanks, NT

If I got it right, you mean you want the hosts in your local network
not to be able to even ping each other, except the gateway (the DSL
router/modem, or just the router IP).

If so, you don't need a firewall; you need an access control mechanism
(it may be called a firewall, but not exactly).

If you obtain a basic Cisco router with two FastEthernet ports, you can
apply the access list rules below:

1) First of all, suppose that FastEthernet 1 is your WAN (DSL modem) side
and FastEthernet 2 is your local network side.

2) Suppose that your local network range is 192.168.1.0/24
(255.255.255.0) and the gateway is 192.168.1.1.

3) Enter the commands below in the CLI:


! extended ACL (100-199): a standard ACL (1-99) matches source address only,
! so it cannot express "permit ip any host <gateway>"
router(config)# access-list 100 permit ip any host 192.168.1.1
router(config)# access-list 100 deny ip any 192.168.1.0 0.0.0.255
router(config)# access-list 100 permit ip any any
! interface name depends on the platform, e.g. fastethernet 0/1
router(config)# interface fastethernet 2
router(config-if)# ip access-group 100 in

--------------------------------------------------------------------

The first line allows the packets destined to the gateway (if this rule is
matched, then the second rule is ignored).
The second line drops the packets destined to the local network.
The third line allows other packets wherever they are destined.
The last line applies the access list to FastEthernet interface 2
(may be 1/2) for inbound traffic on that interface.

Sorry for not mentioning the other basic router configuration, such as
IP addresses, no shutdown, etc.

The other solution for your problem: you can use a computer which runs
Linux with two Ethernet cards and deploy it as a router between your local
network and the DSL modem.
Then you have to write a script with iptables as access control, like
the one above.

Good luck.
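The iptables script the reply points at, as an added example that is not part of the original thread. The interface names (eth0 on the DSL side, eth1 on the LAN side), the 192.168.1.0/24 range and the 192.168.1.1 gateway address are assumptions taken from the reply's ACL and can be overridden from the environment. One caveat a practitioner will want: this only works if each host's packets actually pass through the Linux box (one NIC or VLAN per host, or a subnet per host). Two machines plugged into the same switch on one subnet talk to each other directly and the router never sees that traffic, so neither this script nor the Cisco ACL can stop them.

```shell
#!/bin/sh
# Added example, not code from the original thread: iptables version of the
# three-line Cisco ACL in the reply, for a Linux box with two NICs acting as
# the router between the LAN and the DSL modem.
# Assumed names (override via environment): eth0 = WAN side, eth1 = LAN side,
# 192.168.1.0/24 = local range, 192.168.1.1 = this box's LAN address.
# Set IPT=echo to print the rules instead of loading them.
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
GW_IP="${GW_IP:-192.168.1.1}"

lan_isolation_rules() {
    # Default-deny forwarding, then add rules in the same order as the
    # Cisco ACL: iptables, like IOS, stops at the first matching rule.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD

    # ACL line 1 (permit ip any host <gateway>): packets addressed to this
    # box itself go through INPUT, not FORWARD.
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -d "$GW_IP" -j ACCEPT

    # ACL line 2 (deny ip any <LAN range>): anything arriving on the LAN
    # side and addressed back into the LAN range is dropped.
    $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -d "$LAN_NET" -j DROP

    # ACL line 3 (permit ip any any): the rest of the LAN traffic may go
    # out towards the DSL modem.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT

    # Not in the Cisco ACL, but required on a stateful Linux router:
    # let replies from the Internet back in to the host that asked.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Share the single public address across the private range.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

case "${1:-}" in
    apply) sysctl -w net.ipv4.ip_forward=1 >/dev/null && lan_isolation_rules ;;
    show)  IPT=echo; lan_isolation_rules ;;
esac
```

`sh isolate.sh show` prints the rules so you can review them; `sh isolate.sh apply` (as root) turns on forwarding and loads them. The order matters: the LAN-to-LAN DROP is added before the LAN-to-WAN ACCEPT, just as the deny precedes the final permit in the ACL.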
