Re: [Fwbuilder-discussion] Problem with Deny Rule with-in the same network.
From: Steve L. <ste...@sc...> - 2005-01-28 14:19:20
ummm.... maybe I am missing something obvious here, but unless the traffic passes *through* the firewall itself, it cannot apply deny rules.

If your two DMZ machines are on the same subnet (i.e. next to each other, plugged into the same hub/switch), the traffic between the two will just pass across the Hub/Switch, and not via the firewall at all.

As an example, if:

Server1 = 192.168.0.1
Server2 = 192.168.0.2

and they are both located on the 192.168.0/24 subnet, then the firewall will never be able to see or act upon any traffic between Server1 and Server2.

What you are trying to do is not possible... not because of any limitation in fwbuilder, but due to basic networking. Unless traffic is passing *through* the firewall host (being used as a router), then the firewall will not be able to apply the rules you want.

If you do not want the two machines on the same subnet to be able to communicate with each other, then you need to be looking at a host based firewall solution.

(You will have to excuse me if it is myself who is missing something obvious..)

Steve

----- Original Message -----
From: "Svavar Örn Eysteinsson" <sv...@at...>
To: "Steve Loughran" <ste...@sc...>; <fwb...@li...>
Sent: Friday, January 28, 2005 1:25 PM
Subject: RE: [Fwbuilder-discussion] Problem with Deny Rule with-in the same network.

Yes. Trying to deny host1 to have connections to host2.
No I'm not running in Bridge Mode.
?

Bestu kveðjur / Best regards,
Svavar Örn Eysteinsson

________________________________

From: fwb...@li... on behalf of Steve Loughran
Sent: Wed. 26.1.2005 18:50
To: fwb...@li...
Subject: Re: [Fwbuilder-discussion] Problem with Deny Rule with-in the same network.

Are you saying that you are trying to deny access between two hosts on the same subnet?

Are you running fwbuilder in bridge mode?
Steve

----- Original Message -----
From: "Svavar Örn Eysteinsson" <sv...@at...>
To: <fwb...@li...>
Sent: Wednesday, January 26, 2005 10:52 AM
Subject: [Fwbuilder-discussion] Problem with Deny Rule with-in the same network.

> Hi.
> I'm having trouble dropping packets from some machines located at my
> DMZ, to other servers
> on the DMZ network. (e.g. The same DMZ network).
> In my policy list I have the following rules :
>
>
>      Source           Dest             Service     Action
>      .
>      .
>      .
>      .
>  16. DMZ-Network      Local-LAN        Any         Reject
>  17. Firewall         Any              Any         Accept
>  18. SomeDMZServer    Any              ICMP,http   Accept
>  19. SomeDMZServer2   Any              ICMP,http   Accept
>  20. DMZNetwork       mailserver       smtp        Accept
>  21. Any              Any              Any         Deny (catch-all-rule)
>
> I have tried to put some deny rule from SomeDMZServer to SomeDMZServer2
> after the Accept rules.
> But nothing happens. For example I inserted the following rule :
>
>
> --> 21. SomeDMZServer    SomeDMZServer2   Any   Deny
>     22. Any              Any              Any   Deny (catch-all-rule)
>
>
>
> Then I tried to ping the SomeDMZServer from within the SomeDMZServer, and
> the ping worked.
> I have tried so many rules, but nothing happens.
> Any help would be very appreciated. :0)
> Thanks for your time.
> Best regards,
> Svavar Orn
> Reykjavik - Iceland
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
> Tool for open source databases. Create drag-&-drop reports. Save time
> by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
> Download a FREE copy at http://www.intelliview.com/go/osdn_nl
> _______________________________________________
> Fwbuilder-discussion mailing list
> Fwb...@li...
> https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion
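
The point made in the reply can be checked mechanically. The following is an added example, not code from the thread or from fwbuilder: a small policy lint that flags rules whose source and destination sit on the same firewall-attached subnet, and which a routed (non-bridging) firewall therefore never gets to evaluate. The two server addresses and the /24 come from the reply's example; the object names are mapped onto them as an assumption, and the `Local-LAN` range, `FIREWALL_SUBNETS`, and the function names are hypothetical.

```python
import ipaddress

# Constructed objects: the server addresses and the /24 come from the
# example in the reply; the Local-LAN range is an assumed placeholder.
OBJECTS = {
    "DMZ-Network": "192.168.0.0/24",
    "SomeDMZServer": "192.168.0.1/32",
    "SomeDMZServer2": "192.168.0.2/32",
    "Local-LAN": "10.0.0.0/24",
}
# Subnets directly attached to the firewall's interfaces (assumed).
FIREWALL_SUBNETS = ["192.168.0.0/24", "10.0.0.0/24"]

# Constructed excerpt of the policy quoted in the original post.
RULES = [
    (16, "DMZ-Network", "Local-LAN", "Reject"),
    (21, "SomeDMZServer", "SomeDMZServer2", "Deny"),
]


def shared_segment(src, dst, subnets=FIREWALL_SUBNETS):
    """Return the subnet holding both objects, or None if traffic is routed."""
    s = ipaddress.ip_network(OBJECTS[src])
    d = ipaddress.ip_network(OBJECTS[dst])
    for net in map(ipaddress.ip_network, subnets):
        # Both ends on one segment: hosts reach each other directly via
        # the switch, so the packet never enters the firewall.
        if s.subnet_of(net) and d.subnet_of(net):
            return net
    return None


def lint(rules=RULES):
    """List (rule number, subnet) for rules a routed firewall never sees."""
    findings = []
    for num, src, dst, _action in rules:
        net = shared_segment(src, dst)
        if net is not None:
            findings.append((num, str(net)))
    return findings


if __name__ == "__main__":
    for num, net in lint():
        print(f"rule {num}: both ends are on {net}; the traffic stays on "
              "the switch and never reaches the firewall")
```

A flagged rule has to be enforced elsewhere, for example on the hosts themselves as the reply suggests.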