From owner-freebsd-questions@FreeBSD.ORG Mon Jul 5 17:30:15 2010
From: Modulok
To: David Kelly
Cc: freebsd-questions@freebsd.org
Subject: Re: VLANs is this right?
Date: Mon, 5 Jul 2010 11:30:09 -0600
Message-ID:
In-Reply-To: <20100705165746.GB10990@Grumpy.DynDNS.org>
References: <20100705165746.GB10990@Grumpy.DynDNS.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
It was a simplified diagram of what I thought I needed. (Which may or may
not be what I actually need!)

Basically, I want a port on the switch that I can plug untrusted devices
into. Systems which are known to be just crawling with malicious software.
I need to provide them with an Internet connection, but otherwise want
them separated from everybody else. Think DMZ isolation, but they're not
providing any 'external' services.

I was wondering if this could be done with tagging and address aliases,
instead of buying a third network card for the BSD machine. If that makes
any sense.

On 7/5/10, David Kelly wrote:
> On Mon, Jul 05, 2010 at 10:16:19AM -0600, Modulok wrote:
>>
>> Criteria:
>> - HostA must never directly talk to HostB.
>> - Both hostA and hostB have an Internet connection.
>>
>> What I have to work with:
>> proCurve switch which supports VLANs.
>> 2x Intel NICs in FreeBSD which support VLANs.
>
> Am thinking you are approaching it the wrong way.
>
> Not familiar with the specifics of a ProCurve switch but that's a high
> end unit, not a Netgear. I would expect you could configure the switch
> to disallow the MAC addresses from talking to each other of hostA and
> hostB.
>
> Furthermore, it would be even easier to disallow hostB from within
> hostA's firewall. And do the same at hostB.
>
> --
> David Kelly N4HHE, dkelly@HiWAAY.net
> ========================================================================
> Whom computers would destroy, they must first drive mad.
>
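The setup the original poster is asking about, as an added worked example that is not part of the thread and not configuration from either poster: two VLANs carried tagged over one of the two Intel NICs, the other NIC facing the Internet, and pf doing both the NAT and the inter-VLAN block. Everything concrete here is assumed for illustration: em0 as the Internet-facing NIC, em1 as the tagged trunk to the ProCurve, VLAN 10 for the trusted hosts, VLAN 20 for the quarantined ones, and the 192.168.10.0/24 and 192.168.20.0/24 addresses. The security-relevant point is the one the thread skips: once gateway_enable is set, the FreeBSD box routes between the two VLANs by itself, so the switch's layer-2 separation is undone unless the firewall on that box explicitly refuses to forward between them. Address aliases on one interface would not separate anything, since both subnets would still sit in one broadcast domain.

```conf
# Added example, not from the original thread. Assumed layout:
#   em0    - Internet-facing NIC (address via DHCP)
#   em1    - trunk port to the ProCurve, carries only tagged frames
#   vlan10 - trusted LAN,     192.168.10.0/24 (assumed)
#   vlan20 - quarantine VLAN, 192.168.20.0/24 (assumed)

# ---- /etc/rc.conf ---------------------------------------------------------
gateway_enable="YES"          # this box forwards between vlan10, vlan20 and em0,
pf_enable="YES"               # so pf MUST filter the inter-VLAN traffic
pflog_enable="YES"
ifconfig_em0="DHCP"
ifconfig_em1="up"             # no address on the trunk itself
cloned_interfaces="vlan10 vlan20"
ifconfig_vlan10="inet 192.168.10.1/24 vlan 10 vlandev em1"   # trusted
ifconfig_vlan20="inet 192.168.20.1/24 vlan 20 vlandev em1"   # quarantine

# ---- /etc/pf.conf ---------------------------------------------------------
ext_if    = "em0"
trust_if  = "vlan10"
quar_if   = "vlan20"
trust_net = $trust_if:network
quar_net  = $quar_if:network
table <private> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }

set skip on lo0
scrub in all

# Both VLANs share the one public address. The switch keeps them apart at
# layer 2; the block rules below keep them apart at layer 3.
nat on $ext_if inet from { $trust_net, $quar_net } to any -> ($ext_if)

block log all
antispoof log quick for { $ext_if, $trust_if, $quar_if }

# Internet side: nothing is offered to the outside; only DHCP replies for
# this box itself are let in. Outbound (NATed) traffic is allowed.
pass in  on $ext_if inet proto udp from any port 67 to any port 68
pass out on $ext_if

# Quarantine VLAN: the Internet and nothing else. Anything aimed at a
# private range (the trusted VLAN, this box's own VLAN addresses, link-local)
# is dropped before the kernel can route it.
block in log quick on $quar_if from any to <private>
pass  in on $quar_if from $quar_net to ! <private>
# Uncomment if this box also runs dhcpd for the quarantine VLAN:
# pass in on $quar_if inet proto udp from any port 68 to any port 67

# Trusted VLAN: unrestricted outbound, but never into the quarantine.
block in log quick on $trust_if from any to $quar_net
pass  in on $trust_if from $trust_net to any

# Let packets admitted above leave on the internal interfaces.
pass out on { $trust_if, $quar_if }
```

On the switch side this needs each access port untagged in exactly one of the two VLANs and the port leading to em1 tagged in both (and removed from the default VLAN 1, so no untagged frames reach the trunk); in ProCurve CLI that is the `vlan 10` / `untagged <ports>` / `tagged <trunk port>` block, repeated for VLAN 20, with port numbers chosen for your chassis. Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it and inspect the loaded rules with `pfctl -sr`. Then prove the isolation rather than assume it: from a host on VLAN 20, try to reach a host on VLAN 10 and the gateway's 192.168.10.1 address while watching `tcpdump -n -e -ttt -i pflog0` on the FreeBSD box; the attempts should appear as blocked on vlan20 and never show up on vlan10. Repeat in the other direction. If gateway_enable is on and either test succeeds, the VLANs exist but the firewall is not enforcing the separation the switch was configured for.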