Date: Mon, 5 Jul 2010 11:57:46 -0500
From: David Kelly
To: Modulok
Cc: freebsd-questions@freebsd.org
Subject: Re: VLANs is this right?
Message-ID: <20100705165746.GB10990@Grumpy.DynDNS.org>

On Mon, Jul 05, 2010 at 10:16:19AM -0600, Modulok wrote:
>
> Criteria:
> - HostA must never directly talk to HostB.
> - Both hostA and hostB have an Internet connection.
>
> What I have to work with:
> proCurve switch which supports VLANs.
> 2x Intel NICs in FreeBSD which support VLANs.

Am thinking you are approaching it the wrong way. Not familiar with the
specifics of a ProCurve switch but that's a high end unit, not a
Netgear. I would expect you could configure the switch to disallow the
MAC addresses from talking to each other of hostA and hostB.

Furthermore, it would be even easier to disallow hostB from within
hostA's firewall. And do the same at hostB.

-- 
David Kelly N4HHE, dkelly@HiWAAY.net
========================================================================
Whom computers would destroy, they must first drive mad.