From mboxrd@z Thu Jan 1 00:00:00 1970
From: Rene Gallati
Date: Mon, 19 Jul 2004 13:27:04 +0000
Subject: Re: [LARTC] block ethernet IPv4 traffic
Message-Id: <40FBCC28.5020600@draxinusom.ch>
List-Id:
References: <39685.217.79.71.234.1090239494.squirrel@217.79.71.234>
In-Reply-To: <39685.217.79.71.234.1090239494.squirrel@217.79.71.234>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: lartc@vger.kernel.org

Lawrence MacIntyre wrote:
> This will work as long as none of the clients are clued enough to add
> host routes or alias addresses.

Yes, I assumed he was the admin of the site in question. If the clients
have full control over their systems then this is a no-go.

Some Linux boxes with bridges and bridge_filter might do the trick but
he'd need to put one of those basically in front of each switch port.

I don't see an easy way to solve the problem.

>
> Rene Gallati wrote:
>
>> Anton Glinkov wrote:
>>
>>> On Mon, July 19, 2004 15:25, Ed Wildgoose said:
>>>
>>>>> the bridge thing is not possible.. the network is too big.. 300
>>>>> machines..
>>>>> with over 30 switches (only one of them is manageable) :(
>>>>> Basically I want to deny ethertype 0800 (IPv4) packets for that LAN.
>>>>> The only solution I thought of was to have a linux machine in this LAN
>>>>> that has all the possible IP addresses set on its interface.
>>>>
>>>> Look, we can't help you until you explain the problem
>>>>
>>>> WHY is it not possible to have a bridge? This only requires two
>>>> network cards?
>>>
>>> I want to block the traffic between _ANY_ 2 of the machines in the
>>> network.
>>
>> How about giving them a netmask of /32 instead of /24 (or whatever you
>> have) so that they only see themselves in the same network and then
>> giving them a static route to the default gw (since it is outside of
>> the /32).
>>
>> Then you can block all inter-client traffic at that single default
>> gateway (or one hop "in front" of it, seen from the clients)
>>
>

-- 
C U - -- ---- ----- -----/\/ René Gallati \/\---- ----- --- -- -

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
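The two schemes discussed in this thread (a /32 on every client plus a host route to the default gateway, with inter-client traffic dropped at that gateway; or a filtering bridge in front of a switch port that drops ethertype 0x0800), together with a check for the bypass Lawrence points out, as an added shell example. This is not code from the thread or from any of its posters; interface names (eth0, eth1, br0), the 10.0.0.0/24 subnet, the 10.0.0.1 gateway and the sample routing tables are assumed and constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not from the LARTC thread: the "/32 plus host route to the
# gateway" scheme from the quoted reply, as a dry-run generator, together with
# the bridge/ebtables alternative and a check for the bypass Lawrence describes.
# Interface names, addresses and the gateway are assumed values.

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands; 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Client side. A /32 leaves nothing on-link, so the kernel installs no
# connected route; the explicit host route to the gateway is what makes the
# default route resolvable. Every packet for a neighbour now goes to the
# gateway's MAC, where it can be filtered.
client_config() {
    iface="$1"; addr="$2"; gw="$3"
    run ip addr flush dev "$iface"
    run ip addr add "$addr/32" dev "$iface"
    run ip route add "$gw/32" dev "$iface"
    run ip route add default via "$gw" dev "$iface"
}

# Gateway side (Linux router): traffic that enters on the LAN interface and
# would leave on the same interface is client-to-client; drop it in FORWARD.
# Traffic heading for the uplink interface is untouched.
gateway_config() {
    lan="$1"; subnet="$2"
    run iptables -A FORWARD -i "$lan" -o "$lan" -s "$subnet" -d "$subnet" -j DROP
}

# Alternative from the reply above: a bridge in front of a switch port that
# drops ethertype 0x0800 (IPv4) entirely. ARP and IPv6 still pass; add more
# rules if those matter. Needs ebtables on the box.
bridge_filter_config() {
    br="$1"; p1="$2"; p2="$3"
    run ip link add name "$br" type bridge
    run ip link set "$p1" master "$br"
    run ip link set "$p2" master "$br"
    run ip link set "$br" up
    run ebtables -A FORWARD -p IPv4 -j DROP
}

# Bypass check: reads 'ip route show dev <iface>' output on stdin and fails if
# any route other than the gateway host route is on-link (no "via"), e.g. a
# client that re-added the /24 or an alias address. Prints offenders on stderr.
route_bypass_check() {
    gw="$1"; rc=0
    while read -r dst rest; do
        dst="${dst%/32}"
        [ -z "$dst" ] && continue
        case " $rest " in *" via "*) continue ;; esac   # next-hop route: fine
        [ "$dst" = "$gw" ] && continue                   # the gateway host route
        printf 'on-link route bypasses the gateway: %s %s\n' "$dst" "$rest" >&2
        rc=1
    done
    return "$rc"
}

# Stand-alone demo with constructed routing tables (not captured from a host).
client_config eth0 10.0.0.5 10.0.0.1
gateway_config eth1 10.0.0.0/24
bridge_filter_config br0 eth0 eth1
GOOD_ROUTES='10.0.0.1 dev eth0 scope link
default via 10.0.0.1 dev eth0'
BAD_ROUTES='10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5
default via 10.0.0.1 dev eth0'
if printf '%s\n' "$GOOD_ROUTES" | route_bypass_check 10.0.0.1; then
    echo "clean table: no bypass"
fi
if ! printf '%s\n' "$BAD_ROUTES" | route_bypass_check 10.0.0.1; then
    echo "bad table: bypass detected"
fi
```

Run it as-is to review the generated commands; set DRY_RUN=0 on the actual client, gateway or bridge host to execute them. The gateway rule only works if the "gateway" is a Linux box that forwards between LAN and uplink; on a plain router the same thing has to be expressed in that device's ACLs. The route check is only a detector, which is the point of the thread: a client with root can undo the /32 at any time, so the scheme enforces nothing against an adversarial client, while the bridge filter does but needs a box per switch port.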