Date: Mon, 5 Jul 2010 11:30:09 -0600
From: Modulok <modulok@gmail.com>
To: David Kelly <dkelly@hiwaay.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: VLANs is this right?
Message-ID: <AANLkTim0kbRIA5ZaCYCLaijIvTmGyugiy36vHgU10sAX@mail.gmail.com>
In-Reply-To: <20100705165746.GB10990@Grumpy.DynDNS.org>
References: <AANLkTilW7eTmmdUtRlXpRX3CT_vuOkE2M0eDB_qiiauW@mail.gmail.com> <20100705165746.GB10990@Grumpy.DynDNS.org>

It was a simplified diagram of what I thought I needed. (Which may or may
not be what I actually need!)

Basically, I want a port on the switch that I can plug un-trusted devices
into. Systems which are known to be just crawling with malicious software.
I need to provide them with an Internet connection, but otherwise want
them separated from everybody else. Think DMZ isolation, but they're not
providing any 'external' services.

I was wondering if this could be done with tagging and address aliases,
instead of buying a third network card for the BSD machine. If that makes
any sense.

On 7/5/10, David Kelly <dkelly@hiwaay.net> wrote:
> On Mon, Jul 05, 2010 at 10:16:19AM -0600, Modulok wrote:
>>
>> Criteria:
>> - HostA must never directly talk to HostB.
>> - Both hostA and hostB have an Internet connection.
>>
>> What I have to work with:
>> proCurve switch which supports VLANs.
>> 2x Intel NICs in FreeBSD which support VLANs.
>
> Am thinking you are approaching it the wrong way.
>
> Not familiar with the specifics of a ProCurve switch but that's a high
> end unit, not a Netgear. I would expect you could configure the switch
> to disallow the MAC addresses from talking to each other of hostA and
> hostB.
>
> Furthermore, it would be even easier to disallow hostB from within
> hostA's firewall. And do the same at hostB.
>
> --
> David Kelly N4HHE, dkelly@HiWAAY.net
> ========================================================================
> Whom computers would destroy, they must first drive mad.
>
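
One way the tagged-VLAN setup asked about above could look on the FreeBSD side, as an added example that is not part of the original thread: two VLANs trunked over the single internal NIC, with pf keeping the untrusted segment away from everything except the Internet. The interface names (em0 internal trunk, em1 external), VLAN IDs 10 and 20, and the 192.168.x.0/24 subnets are assumptions, and the switch must carry both VLANs tagged on the port facing em0 with the untrusted port an untagged member of VLAN 20 only.

```conf
# ---- /etc/rc.conf (assumed names: em0 = trunk to switch, em1 = Internet) ----
gateway_enable="YES"                     # forward packets between interfaces
pf_enable="YES"
ifconfig_em1="DHCP"                      # external side
ifconfig_em0="up"                        # parent NIC carries only tagged frames
vlans_em0="10 20"                        # creates em0.10 and em0.20
ifconfig_em0_10="inet 192.168.10.1/24"   # trusted LAN gateway address
ifconfig_em0_20="inet 192.168.20.1/24"   # untrusted segment gateway address

# ---- /etc/pf.conf ----
ext_if      = "em1"
trusted_if  = "em0.10"
untrust_if  = "em0.20"
trusted_net = "192.168.10.0/24"
untrust_net = "192.168.20.0/24"

set skip on lo0

# Both segments share the one external address.
nat on $ext_if inet from { $trusted_net, $untrust_net } to any -> ($ext_if)

# Default deny; anything not explicitly passed below is dropped and logged.
block log all

# Untrusted hosts may not reach the trusted LAN or any address on the
# firewall itself (no SSH, no local services), whatever source they claim.
block in quick on $untrust_if from any to { $trusted_net, self }

# Keep the separation symmetric: trusted hosts do not open connections
# into the untrusted segment either.
block in quick on $trusted_if from any to $untrust_net

# Each segment may go out, but only with a source address from its own
# subnet, so a host cannot spoof the other VLAN's range.
pass in on $untrust_if inet from $untrust_net to any keep state
pass in on $trusted_if inet from $trusted_net to any keep state
pass out on $ext_if inet keep state
```

Because the untrusted hosts are blocked from the firewall's own addresses, they need static addressing and an external DNS resolver under these rules; `tcpdump -n -e -i pflog0` shows what the `block log` rule is dropping.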