On 05/04/11 16:30, Don Gould wrote:
However I don't want people on 2.0 to be able to see computers in 3.0 or 4.0, etc.
What about 3.0 and 4.0 being able to see other subnets 2.0 / 4.0 and 2.0 / 3.0 (respectively)?
I also don't want them to be able to establish Windows networking connections -- so basically Samba/SMB connections.
Ok.
However I do want 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24 to be able to use a NAS in 192.168.1.0/24.
Ok.
So I need to drop some traffic unless it's heading to my NAS IP (192.168.1.2 for sake of argument).
Do you want to single out the NAS IP (192.168.1.2) specifically, or is the entire 1.0 network ok? (This makes little difference, just asking for clarity.)
I do want users in 192.168.x.0/24 to be able to see each other though.
Please elaborate on what you mean by "see each other". What services do you want to allow to communicate?
Shooting from the hip, I'd say that you want a default of DROP (or REJECT at your preference) and allow traffic from 1.0 to the other networks 2.0 / 3.0 / 4.0 and stateful replies to said traffic.
This would isolate the 2.0 / 3.0 / 4.0 networks from each other but still allow them to communicate with the 1.0 network.
Grant
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
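One way to lay out the FORWARD chain for the policy Grant sketches (default DROP, 1.0 may initiate to 2.0/3.0/4.0, stateful replies, and the guest subnets allowed to reach only the NAS), as an added example that is not from the thread. It assumes the Linux box is the router for all four /24s and that the NAS is 192.168.1.2 as the question supposes; the script prints the rules by default and applies them only when run with `apply`.

```shell
#!/bin/sh
# Added example (not from the thread): inter-subnet isolation with a NAS exception.
# Assumptions: this host routes all four /24s; NAS address taken from the question.
NAS="192.168.1.2"
TRUSTED="192.168.1.0/24"
GUESTS="192.168.2.0/24 192.168.3.0/24 192.168.4.0/24"

# Print the iptables commands implementing the policy (dry run by default).
emit_rules() {
    echo "iptables -P FORWARD DROP"            # default: nothing crosses subnets
    echo "iptables -F FORWARD"
    # stateful replies for anything permitted by the rules below
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # the trusted 1.0 network may initiate to every guest network
    for net in $GUESTS; do
        echo "iptables -A FORWARD -s $TRUSTED -d $net -m conntrack --ctstate NEW -j ACCEPT"
    done
    # guest networks may initiate only to the NAS; the rest of 1.0 and the
    # other guest networks (including SMB) fall through to the DROP policy
    for net in $GUESTS; do
        echo "iptables -A FORWARD -s $net -d $NAS -m conntrack --ctstate NEW -j ACCEPT"
    done
    # log SMB attempts between guest networks so the isolation is visible in syslog
    for src in $GUESTS; do
        for dst in $GUESTS; do
            [ "$src" = "$dst" ] && continue
            echo "iptables -A FORWARD -s $src -d $dst -p tcp -m multiport --dports 139,445 -j LOG --log-prefix 'smb-cross-subnet: '"
        done
    done
}

# Number of ACCEPT rules letting source $1 initiate to destination $2 (policy check).
count_accepts() { emit_rules | grep -c -- "-s $1 -d $2 .*-j ACCEPT" || true; }

apply_rules() { emit_rules | sh; }

case "$1" in
    apply) apply_rules ;;
    *) emit_rules ;;
esac
```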