LAN Connections

20 years 19 hours ago #3637 by Savish
LAN Connections was created by Savish
Hi

We have 2 local LANs: LAN1 = 192.168.0.0/24 (Development) and LAN2 = 192.168.100.0/24 (Production).

LAN1 machines have one network card with 2 IPs, one in the 192.168.0.0/24 network with default gateway 192.168.0.1 (firewall) and the other in the 192.168.100.0/24 network. LAN1 is behind the NAT, getting internet access from the firewall.

LAN2 machines have 2 network cards, one with an IP in 192.168.100.0/24 and the other with a public IP, with the default gateway pointing to the firewall (same as the above).

LAN1 and LAN2 are connected through a managed switch, so all the LAN1 machines can access the LAN2 machines, since LAN1 machines have 2 IPs.

This works fine.

An example ipconfig of one of the machines in LAN1 looks as follows:

IP Address. . . . . . . . . . . . : 192.168.100.130
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.0.55
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1


The question is: I want to control the traffic from LAN1 to LAN2. Specifically, I want to restrict some types of services to some of the machines for traffic moving from LAN1 to LAN2. Can I achieve this with a managed switch between LAN1 and LAN2, or some kind of software firewall, or a router? What is the better way to achieve this?

It would be good if I could achieve the above task without adding a network card to the LAN1 machines, and also without adding LAN2 to the firewall.
Bottom line: I would like to get the result with minimum network changes.

Any help is greatly appreciated.


Thanks
Vishnu
19 years 11 months ago #3688 by TheBishop
Replied by TheBishop on topic Network Changes
Since you say you want to restrict certain services, I presume you mean you want to block some ports but let others through. To do that you need something with packet filtering capabilities, such as a firewall or a router between the two LANs. As you say, a software firewall might be a good bet. There are several Linux-based GNU licensed ones available on the web that you can install on a legacy PC. So all you'd need is an old PC, a couple of network cards and a bit of work.
19 years 11 months ago #3689 by sahirh
Replied by sahirh on topic Re: LAN Connections
Yes, you can use Coyote Linux.. or Smoothwall.. or just any Linux distro with iptables / netfilter support (pretty much every new one).. however, if you use a non-firewall distro such as Red Hat etc.. make sure you select the 'router / firewall' minimum installation option in the setup, otherwise you'll have a firewall loaded with a whole lot of other stuff that you'll have to turn off.


Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
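
The iptables approach suggested above, as an added example that is not part of any post in this thread: a shell function that turns a per-host service list into a default-drop FORWARD ruleset, in iptables-restore format, for a Linux box routing between the two LANs. The interface names eth0/eth1, the LAN2 server addresses and the service list are constructed assumptions, and the example assumes LAN1 hosts reach LAN2 by routing through this box, since traffic sent from their secondary 192.168.100.x addresses stays on the switch and never crosses a filter.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for a Linux box that
# routes between LAN1 (192.168.0.0/24) and LAN2 (192.168.100.0/24).
LAN1_IF=eth0   # assumed name of the interface facing LAN1
LAN2_IF=eth1   # assumed name of the interface facing LAN2

# Constructed sample policy: which LAN1 host may open which LAN2 service.
sample_policy() {
    cat <<'EOF'
# src-host     proto port dst-host
192.168.0.55   tcp   22   192.168.100.10
192.168.0.55   tcp   1433 192.168.100.20
192.168.0.60   udp   53   192.168.100.10
EOF
}

# Reads policy lines on stdin, prints the ruleset on stdout.
# Returns 1 on a malformed line or a host outside the two LANs.
emit_rules() {
    # INPUT/OUTPUT are left open here; only forwarded traffic is covered.
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Replies to connections that were allowed through may flow back.
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    while read -r src proto port dst; do
        case "$src" in ''|'#'*) continue ;; esac        # blank or comment
        case "$proto" in tcp|udp) ;; *) return 1 ;; esac
        case "$port" in ''|*[!0-9]*) return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
        case "$src$dst" in *[!0-9.]*) return 1 ;; esac  # digits and dots only
        case "$src" in 192.168.0.*) ;; *) return 1 ;; esac    # LAN1 host
        case "$dst" in 192.168.100.*) ;; *) return 1 ;; esac  # LAN2 host
        echo "-A FORWARD -i $LAN1_IF -o $LAN2_IF -s $src -d $dst" \
             "-p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log what the DROP policy is about to discard, rate limited.
    echo '-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "LAN1-LAN2 drop: "'
    echo 'COMMIT'
}

sample_policy | emit_rules
```

Piping the output into `iptables-restore --test` checks that the ruleset parses before it is loaded.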
19 years 11 months ago #3941 by gastra
Replied by gastra on topic Re: LAN Connections
Well, I recommend IPCop (www.ipcop.org). Put LAN1 on the Green interface, LAN2 on the Orange interface, and the internet connection on Red. Simple enough to forward ports etc. from one to the other, but Green gets to access everything whereas Orange is still firewalled off from Green... give it a try. To give you an idea, I'm running a good few machines off a 1 meg connection through an IPCop machine with 64 meg RAM and a P2-266 processor. Things are actually sped up by it, and added bonuses include built-in proxies and DNS server etc. etc.
19 years 11 months ago #3946 by sahirh
Replied by sahirh on topic Re: LAN Connections
IPCop is a code-fork of Smoothwall.. so they are pretty much identical.

Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com