Re: SMB traffic routing/blocking...


On 05/04/11 16:30, Don Gould wrote:
However I don't want people on 2.0 to be able to see computers in 3.0 or
4.0, etc.

What about 3.0 and 4.0 being able to see other subnets 2.0 / 4.0 and 2.0 / 3.0 (respectively)?

I also don't want them to be able to establish windows networking
connections -- so basically samba/smb connections.


However I do what,, to be able to use a NAS in


So I need to drop some traffic unless it's heading to my NAS IP
( for sake of argument).

Do you want to single out the NAS IP ( specifically, or is the entire 1.0 network ok? (This makes little difference, just asking for clarity.)

I do want users in 192.168.x.0/24 to be able to see each other though.

Please elaborate on what you mean by "see each other". What services do you want to allow to communicate?

Shooting from the hip, I'd say that you want a default of DROP (or REJECT at your preference) and allow traffic from 1.0 to the other networks 2.0 / 3.0 / 4.0 and stateful replies to said traffic.

This would isolate the 2.0 / 3.0 / 4.0 networks from each other but still allow them to communicate with the 1.0 network.

Grant. . . .
LARTC mailing list
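
The policy discussed in this message, written out as an added example that is not part of the original post: a default-DROP FORWARD chain on the router, stateful replies, new connections from the 1.0 network to the others, and SMB from the client networks to the NAS only. The 192.168.N.0/24 subnet values, the NAS address (a placeholder) and the choice of TCP ports 139 and 445 for SMB are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the router's FORWARD chain.
# Assumed values (not given in the thread):
SERVER_NET="192.168.1.0/24"                                  # the "1.0" network
CLIENT_NETS="192.168.2.0/24 192.168.3.0/24 192.168.4.0/24"   # "2.0", "3.0", "4.0"
NAS_IP="192.168.1.250"                                       # placeholder NAS address
SMB_PORTS="139,445"                                          # NetBIOS session + SMB over TCP

gen_rules() {
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    # Default policy: anything routed between subnets is dropped unless allowed below.
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Stateful replies to connections that an earlier rule already permitted.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in $CLIENT_NETS; do
        # New connections from the 1.0 network towards each client network.
        echo "-A FORWARD -s $SERVER_NET -d $net -m conntrack --ctstate NEW -j ACCEPT"
        # SMB from each client network to the NAS only.
        echo "-A FORWARD -s $net -d $NAS_IP -p tcp -m multiport --dports $SMB_PORTS -m conntrack --ctstate NEW -j ACCEPT"
    done
    # No rule matches client-to-client traffic (2.0 <-> 3.0 <-> 4.0),
    # so it falls through to the DROP policy, SMB included.
    echo "COMMIT"
}

gen_rules
```

The output can be checked for syntax on the router with `iptables-restore --test` before it is loaded. Hosts inside the same /24 reach each other without crossing the router, so the FORWARD chain does not affect them.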
