From: Grant Taylor <gtaylor@riverviewtech.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] SMB traffic routing/blocking...
Date: Wed, 04 May 2011 21:45:29 +0000
Message-ID: <4DC1C8F9.1010000@riverviewtech.net>
In-Reply-To: <4DC1C569.3040705@bowenvale.co.nz>

On 05/04/11 16:30, Don Gould wrote:
> However I don't want people on 2.0 to be able to see computers in 3.0 or
> 4.0, etc.

What about 3.0 and 4.0 being able to see other subnets 2.0 / 4.0 and 2.0
/ 3.0 (respectively)?

> I also don't want them to be able to establish windows networking
> connections -- so basically samba/smb connections.

Ok.

> However I do want 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24 to be
> able to use a NAS in 192.168.1.0/24.

Ok.

> So I need to drop some traffic unless it's heading to my NAS IP
> (192.168.1.2 for sake of argument).

Do you want to single out the NAS IP (192.168.1.2) specifically, or is
the entire 1.0 network ok? (This makes little difference, just asking
for clarity.)

> I do want users in 192.168.x.0/24 to be able to see each other though.

Please elaborate on what you mean by "see each other". What services do
you want to allow to communicate?

Shooting from the hip, I'd say that you want a default of DROP (or
REJECT at your preference) and allow traffic from 1.0 to the other
networks 2.0 / 3.0 / 4.0 and stateful replies to said traffic.

This would isolate the 2.0 / 3.0 / 4.0 networks from each other but
still allow them to communicate with the 1.0 network.

Grant. . . .
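
The policy sketched in the message above, written out as an added example that is not part of the original e-mail or anyone's actual configuration: a script that emits a FORWARD-chain ruleset in iptables-restore format and checks which subnet pairs it lets through. The function names are hypothetical, and it assumes each subnet is its own routed /24 segment and that either side may open a connection between 1.0 and a client subnet.

```shell
#!/bin/sh
# Added example, not from the thread. Nothing here touches the running firewall;
# the ruleset is only printed.
# Assumed: the router forwards between four /24 segments. SERVER may be the whole
# 1.0 network or just the NAS address from the thread (192.168.1.2).
SERVER="192.168.1.0/24"
CLIENT_NETS="192.168.2.0/24 192.168.3.0/24 192.168.4.0/24"

# Print the ruleset in iptables-restore format.
forward_ruleset() {
    echo "*filter"
    echo ":FORWARD DROP [0:0]"      # default policy: drop all routed traffic
    # Stateful replies to any connection accepted by the rules below.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in $CLIENT_NETS; do
        # Assumption: new connections are accepted in both directions between
        # SERVER and each client subnet, since the thread has not settled
        # which end initiates.
        echo "-A FORWARD -s $SERVER -d $net -m conntrack --ctstate NEW -j ACCEPT"
        echo "-A FORWARD -s $net -d $SERVER -m conntrack --ctstate NEW -j ACCEPT"
    done
    # No rule pairs two client subnets, so traffic between 2.0, 3.0 and 4.0
    # falls through to the DROP policy.
    echo "COMMIT"
}

# Report what the generated ruleset does with a NEW connection from $1 to $2.
# Arguments must be written exactly as they appear in the rules.
new_flow_verdict() {
    case "$(forward_ruleset)" in
        *"-s $1 -d $2 -m conntrack --ctstate NEW -j ACCEPT"*) echo ACCEPT ;;
        *) echo DROP ;;
    esac
}

# Run directly, the script prints the ruleset for review.
forward_ruleset
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it. Traffic between hosts inside one subnet never reaches the router's FORWARD chain, so these rules do not affect it.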