Re: SMB traffic routing/blocking...



On 05/04/11 16:30, Don Gould wrote:
> However I don't want people on 2.0 to be able to see computers in 3.0 or
> 4.0, etc.

What about 3.0 and 4.0 being able to see other subnets 2.0 / 4.0 and 2.0 / 3.0 (respectively)?

> I also don't want them to be able to establish Windows networking
> connections -- so basically samba/smb connections.

Ok.

> However I do want 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24 to be
> able to use a NAS in 192.168.1.0/24.

Ok.

> So I need to drop some traffic unless it's heading to my NAS IP
> (192.168.1.2 for sake of argument).

Do you want to single out the NAS IP (192.168.1.2) specifically, or is the entire 1.0 network ok? (This makes little difference, just asking for clarity.)

> I do want users in 192.168.x.0/24 to be able to see each other though.

Please elaborate on what you mean by "see each other". What services do you want to allow to communicate?

Shooting from the hip, I'd say that you want a default of DROP (or REJECT at your preference) and allow traffic from 1.0 to the other networks 2.0 / 3.0 / 4.0 and stateful replies to said traffic.

This would isolate the 2.0 / 3.0 / 4.0 networks from each other but still allow them to communicate with the 1.0 network.



Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
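
An added example, not part of the thread or either poster's configuration: a shell function that writes out an `iptables-restore` ruleset for the default-deny forwarding policy discussed above. It assumes a single Linux router forwarding between the four /24s, SMB on TCP 139/445, and adds a client-to-NAS rule (taken from the requirement quoted in the thread) so that the 2.0 / 3.0 / 4.0 hosts can open connections to 192.168.1.2; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Emits a ruleset on stdout; nothing is applied to the running firewall here.
# To syntax-check on the router:  emit_forward_rules | iptables-restore --test

NAS_IP="192.168.1.2"         # address used in the thread "for sake of argument"
SERVER_NET="192.168.1.0/24"
CLIENT_NETS="192.168.2.0/24 192.168.3.0/24 192.168.4.0/24"
SMB_TCP_PORTS="139,445"      # assumption: the NAS is reached over SMB/CIFS

# $1 = DROP (default) or REJECT. A chain policy can only be ACCEPT or DROP,
# so the REJECT variant is a final catch-all rule in front of the DROP policy.
emit_forward_rules() {
    deny="${1:-DROP}"
    echo "*filter"
    # INPUT/OUTPUT are left open: this example only covers routed traffic.
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Stateful replies to anything allowed below.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in $CLIENT_NETS; do
        # 1.0 may open connections into each client network.
        echo "-A FORWARD -s $SERVER_NET -d $net -m conntrack --ctstate NEW -j ACCEPT"
        # Each client network may open SMB sessions to the NAS only.
        echo "-A FORWARD -s $net -d $NAS_IP/32 -p tcp -m multiport --dports $SMB_TCP_PORTS -m conntrack --ctstate NEW -j ACCEPT"
    done
    # No rule matches client-net to client-net traffic, so it falls through
    # to the deny action. Hosts inside one /24 talk at layer 2 and never
    # traverse FORWARD, so they are unaffected.
    if [ "$deny" = "REJECT" ]; then
        echo "-A FORWARD -j REJECT --reject-with icmp-admin-prohibited"
    fi
    echo "COMMIT"
}
```
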

