Date: Mon, 8 Mar 2021 10:12:19 +0100
From: Zenny <garbytrash@gmail.com>
To: freebsd-stable <freebsd-stable@freebsd.org>
Subject: Isolate NATted netgraph vlans
Message-ID: <CACuV5sCQj4QvCHm=yGWfGHYG_bDu5r9zEHMwf65LU_Y68Xc03g@mail.gmail.com>

Hi,

Any suggestion to restrict any transaction or interaction between NATted netgraph vlans (vi0 and vi1) in this case, but not with the bridged external nic ($extif in pf) in a setup (digraph) as of below (netdiagram is attached).

I appreciate if anyone can suggest some inputs to isolate two netgraph vlans which cannot reach each other, but is accessible to and from the internet via NATted external NIC. I use pf, fyi.

Cheers and stay safe!
/z

<QUOTE>
digraph "netgraph" {
    graph [ fontsize = "14" fontname = "Times-Roman" fontcolor = "black" ]
    node [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" shape = "record" style = "solid" ]
    edge [ fontsize = "10" fontname = "Times-Roman" fontcolor = "black" dir = "none" style = "solid" ]

    "1" [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" label = "{em0:|{ether|[1]:}}" shape = "record" style = "solid" ]
    "c5" [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" label = "{vi1_c2:|{eiface|[c5]:}}" shape = "record" style = "solid" ]
    "86" [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" label = "{vi0_v2:|{eiface|[86]:}}" shape = "record" style = "solid" ]
    "a8" [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" label = "{vi1:|{eiface|[a8]:}}" shape = "record" style = "solid" ]
    "69" [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" label = "{vi0:|{eiface|[69]:}}" shape = "record" style = "solid" ]
    "eb" [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" label = "{ngctl15171:|{socket|[eb]:}}" shape = "record" style = "solid" ]
    "ae" [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" label = "{vi1br:|{bridge|[ae]:}}" shape = "record" style = "solid" ]
    "6f" [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" label = "{vi0br:|{bridge|[6f]:}}" shape = "record" style = "solid" ]
    "b3" [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" label = "{vi1_c1:|{eiface|[b3]:}}" shape = "record" style = "solid" ]
    "74" [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" label = "{vi0_v1:|{eiface|[74]:}}" shape = "record" style = "solid" ]
    "d8" [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" label = "{vi1_c3:|{eiface|[d8]:}}" shape = "record" style = "solid" ]
    "99" [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" label = "{vi0_v3:|{eiface|[99]:}}" shape = "record" style = "solid" ]

    {
        graph [ fontsize = "14" fontname = "Times-Roman" fontcolor = "black" ]
        node [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" shape = "record" style = "solid" ]
        edge [ fontsize = "10" fontname = "Times-Roman" fontcolor = "black" dir = "none" style = "solid" ]
        "1" "c5" "86" "a8" "69" "eb" "ae" "6f" "b3" "74" "d8" "99"
    }

    subgraph "cluster_disconnected" {
        graph [ fontsize = "14" fontname = "Times-Roman" fontcolor = "black" bgcolor = "pink" ]
        node [ fontsize = "12" fontname = "Times-Roman" fontcolor = "black" shape = "record" style = "solid" ]
        edge [ fontsize = "10" fontname = "Times-Roman" fontcolor = "black" dir = "none" style = "solid" ]
        "1" "eb"
    }

    "ae" -> "c5" [ fontsize = "10" fontname = "Times-Roman" fontcolor = "black" dir = "none" headlabel = "ether" taillabel = "link2" style = "solid" ]
    "6f" -> "86" [ fontsize = "10" fontname = "Times-Roman" fontcolor = "black" dir = "none" headlabel = "ether" taillabel = "link2" style = "solid" ]
    "a8" -> "ae" [ fontsize = "10" fontname = "Times-Roman" fontcolor = "black" dir = "none" headlabel = "link0" taillabel = "ether" style = "solid" ]
    "69" -> "6f" [ fontsize = "10" fontname = "Times-Roman" fontcolor = "black" dir = "none" headlabel = "link0" taillabel = "ether" style = "solid" ]
    "ae" -> "b3" [ fontsize = "10" fontname = "Times-Roman" fontcolor = "black" dir = "none" headlabel = "ether" taillabel = "link1" style = "solid" ]
    "6f" -> "74" [ fontsize = "10" fontname = "Times-Roman" fontcolor = "black" dir = "none" headlabel = "ether" taillabel = "link1" style = "solid" ]
    "ae" -> "d8" [ fontsize = "10" fontname = "Times-Roman" fontcolor = "black" dir = "none" headlabel = "ether" taillabel = "link3" style = "solid" ]
    "6f" -> "99" [ fontsize = "10" fontname = "Times-Roman" fontcolor = "black" dir = "none" headlabel = "ether" taillabel = "link3" style = "solid" ]
}
</QUOTE>

Is there a way to

--
Cheers,
/z