Firewall na VLAN-routingu
Napsal: 25 Jul 2014 15:49
Ahoj, nedari se me nakonfigurovat nasledujici
ethernet10 - vlan 383 - WAN port - 2x verejna IP adresa
ethernet9 - 2x VLAN - rozsah vlan 1 - 10.0.0.0/24 vlan40 - 172.16.0.0/24
na obou je nastaven NAT
0 chain=srcnat action=src-nat to-addresses=x.x.x.1
src-address=10.0.0.0/24 out-interface=vlan383
1 chain=srcnat action=src-nat to-addresses=x.x.x.2
src-address=172.16.0.0/24 out-interface=vlan383
vysledkem je jednoduchy filtr kde lide z adres 172.16.0.0/24 nemuzou jinam nez do netu tedy chci zakazat pristup do interni site 10.0.0.0/24
zkousel jsem napriklad toto:
8 chain=forward action=reject reject-with=icmp-network-unreachable
src-address=172.16.0.0/24 dst-address=10.0.0.0/24
a nic, porad mam ping a pristup
Diky za pomoc
ethernet10 - vlan 383 - WAN port - 2x verejna IP adresa
ethernet9 - 2x VLAN - rozsah vlan 1 - 10.0.0.0/24 vlan40 - 172.16.0.0/24
na obou je nastaven NAT
0 chain=srcnat action=src-nat to-addresses=x.x.x.1
src-address=10.0.0.0/24 out-interface=vlan383
1 chain=srcnat action=src-nat to-addresses=x.x.x.2
src-address=172.16.0.0/24 out-interface=vlan383
vysledkem je jednoduchy filtr kde lide z adres 172.16.0.0/24 nemuzou jinam nez do netu tedy chci zakazat pristup do interni site 10.0.0.0/24
zkousel jsem napriklad toto:
8 chain=forward action=reject reject-with=icmp-network-unreachable
src-address=172.16.0.0/24 dst-address=10.0.0.0/24
a nic, porad mam ping a pristup
Diky za pomoc