TOPIC: LAN Connections

LAN Connections 12 years 4 months ago #3637

  • Savish
  • New Member
  • Posts: 4
  • Karma: 0
Hi

We have 2 local LANs: LAN1 = 192.168.0.0/24 (Development), LAN2 = 192.168.100.0/24 (Production).

LAN1 machines have one network card with 2 IPs, one in the 192.168.0.0/24 network with default gateway 192.168.0.1 (firewall) and the other in the 192.168.100.0/24 network. LAN1 is behind NAT, getting internet access from the firewall.

LAN2 machines have 2 network cards, one with an IP in 192.168.100.0/24 and the other with a public IP with default gateway pointing to the firewall (same as the above).

LAN1 and LAN2 are connected through a managed switch, so all the LAN1 machines can access the LAN2 machines since LAN1 machines have 2 IPs.

This works fine.

An example ipconfig of one of the machines in LAN1 looks as follows:

IP Address. . . . . . . . . . . . : 192.168.100.130
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.0.55
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1


The question is: I want to control the traffic from LAN1 to LAN2; specifically, I want to restrict some types of services to some of the machines' traffic moving from LAN1 to LAN2. Can I achieve this with a managed switch between LAN1 and LAN2, or some kind of software firewall, or router? What is the better way to achieve this?

It would be good if I can achieve the above task without adding a network card to the LAN1 machines, and also without adding LAN2 to the firewall.
Bottom line is, with minimum network changes I would like to get the result.

Any help is greatly appreciated.


Thanks
Vishnu

Network Changes 12 years 4 months ago #3688

  • TheBishop
  • Moderator
  • Posts: 1719
  • Thank you received: 8
  • Karma: 5
Since you say you want to restrict certain services, I presume you mean you want to block some ports but let others through. To do that you need something with packet filtering capabilities, such as a firewall or a router, between the two LANs. As you say, a software firewall might be a good bet. There are several Linux-based GNU licensed ones available on the web that you can install on a legacy PC. So all you'd need is an old PC, a couple of network cards and a bit of work.

Re: LAN Connections 12 years 4 months ago #3689

  • sahirh
  • Honored Member
  • Posts: 1700
  • Karma: 0
Yes, you can use Coyote Linux.. or Smoothwall.. or just any Linux distro with iptables / netfilter support (pretty much every new one).. however, if you use a non-firewall distro such as Red Hat etc.. make sure you select the 'router / firewall' minimum installation option in the setup, otherwise you'll have a firewall loaded with a whole lot of other stuff that you'll have to turn off.


Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
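
As an added example (not part of any post in this thread), the script below generates an iptables-restore ruleset for a Linux box routing between the two LANs: default-deny on FORWARD, with per-source service exceptions from LAN1 to LAN2. The interface names and the sample policy are assumptions, and it assumes LAN1 machines reach 192.168.100.0/24 only through this box (no second 192.168.100.x address on them), since traffic between hosts on the same subnet and switch never crosses a router where it could be filtered.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset for a
# Linux box routing between LAN1 and LAN2. Default-deny on FORWARD.
LAN2_NET="192.168.100.0/24"   # production subnet, from the thread
LAN1_IF="eth0"                # assumption: interface facing LAN1
LAN2_IF="eth1"                # assumption: interface facing LAN2

# Constructed sample policy, one "source proto dport" per line.
POLICY='# dev workstation may SSH to production
192.168.0.55 tcp 22
# all of LAN1 may reach HTTPS and DNS on production
192.168.0.0/24 tcp 443
192.168.0.0/24 udp 53'

# Accept only address-, protocol- and port-shaped fields so a policy line
# cannot smuggle extra iptables options into the generated ruleset.
valid_rule() {
  case $1 in ''|*[!0-9./]*) return 1 ;; esac
  case $2 in tcp|udp) ;; *) return 1 ;; esac
  case $3 in ''|*[!0-9]*) return 1 ;; esac
  [ "${#3}" -le 5 ] && [ "$3" -ge 1 ] && [ "$3" -le 65535 ]
}

# Print the ruleset for the policy in $1; return 1 on a malformed line.
build_ruleset() {
  echo "*filter"
  echo ":INPUT ACCEPT [0:0]"
  echo ":FORWARD DROP [0:0]"
  echo ":OUTPUT ACCEPT [0:0]"
  # Replies to connections already allowed, in either direction.
  echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  while read -r src proto port; do
    case $src in ''|'#'*) continue ;; esac
    if ! valid_rule "$src" "$proto" "$port"; then
      echo "bad policy line: $src $proto $port" >&2
      return 1
    fi
    echo "-A FORWARD -i $LAN1_IF -o $LAN2_IF -s $src -d $LAN2_NET" \
         "-p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done <<EOF
$1
EOF
  # Everything else from LAN1 to LAN2 is logged, then hits the DROP policy.
  echo "-A FORWARD -i $LAN1_IF -o $LAN2_IF -j LOG --log-prefix \"LAN1-LAN2 drop: \""
  echo "COMMIT"
}

build_ruleset "$POLICY"
```

Write the output to a file, check the exit status, and validate it with `iptables-restore --test` before loading it. The box also needs `net.ipv4.ip_forward=1` to route between the two interfaces.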

Re: LAN Connections 12 years 3 months ago #3941

  • gastra
  • New Member
  • Posts: 1
  • Karma: 0
Well, I recommend IPCop. www.ipcop.org Put LAN 1 on Green interface, LAN2 on Orange interface, and internet connection on Red. Simple enough to forward ports etc from one to the other but green gets to access everything whereas orange is still firewalled off from green... give it a try. To give you an idea, I'm running a good few machines off a 1 meg connection through an IPCop machine with 64meg ram and a P2-266 processor. Things are actually speeded up by it and added bonuses include built in proxies and dns server etc etc.

Re: LAN Connections 12 years 3 months ago #3946

  • sahirh
  • Honored Member
  • Posts: 1700
  • Karma: 0
IPCop is a code-fork of Smoothwall.. so they are pretty much identical.

Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com