The question is, I want to control the traffic from LAN1 to LAN2; specifically, I want to restrict some types of services for some of the
machines' traffic moving from LAN1 to LAN2. Can I achieve this with a managed switch between LAN1 and LAN2, or some kind of software firewall, or
router? What is the better way to achieve this?
It would be good if I could achieve the above task without adding a network card to the LAN1 machines, and also without adding LAN2 to the firewall.
Bottom line is, with minimum network changes I would like to get the result.
Since you say you want to restrict certain services, I presume you mean you want to block some ports but let others through. To do that you need something with packet filtering capabilities such as a firewall or a router between the two LANs. As you say, a software firewall might be a good bet. There are several Linux-based GNU licensed ones available on the web that you can install on a legacy PC. So all you'd need is an old PC, a couple of network cards and a bit of work.
Yes, you can use Coyote Linux, or Smoothwall, or just any Linux distro with iptables / netfilter support (pretty much every new one). However, if you use a non-firewall distro such as Red Hat etc., make sure you select the 'router / firewall' minimum installation option in the setup; otherwise you'll have a firewall loaded with a whole lot of other stuff that you'll have to turn off.
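As an added illustration of the iptables / netfilter approach suggested above (this is example code, not from anyone in the thread), here is a FORWARD-chain policy for a Linux box with one card in each LAN: everything from LAN1 to LAN2 is dropped by default, and only the listed host/protocol/port combinations are let through. The subnets, interface names and allowed services are assumptions for the example; by default the script only prints the commands, and runs them when invoked with APPLY=1.

```shell
#!/bin/sh
# Assumed layout: LAN1 on eth1, LAN2 on eth2, this box routing between them.
LAN1_NET="192.168.1.0/24"   # assumed LAN1 subnet
LAN2_NET="192.168.2.0/24"   # assumed LAN2 subnet
LAN1_IF="eth1"
LAN2_IF="eth2"

# Print each iptables command unless APPLY=1, so the ruleset can be reviewed first.
run() { if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi; }

# Arguments are "host:proto:port" triples naming the LAN1 machines and the
# services on LAN2 they may reach; anything not listed is dropped.
lan_filter_rules() {
    run iptables -P FORWARD DROP          # default: nothing is forwarded
    run iptables -F FORWARD               # start from an empty chain
    # Replies to sessions that were allowed may flow back from LAN2 to LAN1.
    run iptables -A FORWARD -i "$LAN2_IF" -o "$LAN1_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    for entry in "$@"; do
        host=${entry%%:*}; rest=${entry#*:}
        proto=${rest%%:*};  port=${rest#*:}
        run iptables -A FORWARD -i "$LAN1_IF" -o "$LAN2_IF" \
            -s "$host" -d "$LAN2_NET" -p "$proto" --dport "$port" \
            -m state --state NEW -j ACCEPT
    done
    # Log (rate-limited) what the DROP policy is about to discard, so blocked
    # services show up in syslog instead of failing silently.
    run iptables -A FORWARD -i "$LAN1_IF" -o "$LAN2_IF" \
        -m limit --limit 5/min -j LOG --log-prefix "LAN1>LAN2 drop: "
}

# Example: one LAN1 host may use HTTP/HTTPS on LAN2, another may use DNS only.
lan_filter_rules "192.168.1.10:tcp:80" "192.168.1.10:tcp:443" "192.168.1.20:udp:53"
```

With the default policy DROP and no rule from LAN2 toward LAN1 except ESTABLISHED,RELATED, LAN2 machines cannot open new connections into LAN1 either, which is the same green/orange separation the IPCop suggestion below relies on.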
Well, I recommend IPCop.
Put LAN1 on the Green interface, LAN2 on the Orange interface, and the internet connection on Red. Simple enough to forward ports etc. from one to the other, but green gets to access everything whereas orange is still firewalled off from green... give it a try. To give you an idea, I'm running a good few machines off a 1 meg connection through an IPCop machine with 64 meg RAM and a P2-266 processor. Things are actually sped up by it, and added bonuses include built-in proxies and a DNS server etc.