Date: Mon, 20 Aug 2018 11:59:46 +0100 From: Steve O'Hara-Smith <steve@sohara.org> To: Polytropon <freebsd@edvax.de> Cc: Arturo Rafael =?UTF-8?B?UmFtw61yZXogQnJpY2XDsW8=?= <harturo_ramirez@hotmail.com>, "questions@FreeBSD.org" <questions@freebsd.org> Subject: Re: I beg your response ... / Ruego su respuesta... Message-ID: <20180820115946.90c2f5adad5e5181f02b788e@sohara.org> In-Reply-To: <20180820104418.20cd6909.freebsd@edvax.de> References: <BN6PR01MB245119DF1451C1312D2150578D330@BN6PR01MB2451.prod.exchangelabs.com> <BN6PR01MB24511CEC66A1068DC9B4FF2A8D330@BN6PR01MB2451.prod.exchangelabs.com> <20180819205328.eb81c27b.freebsd@edvax.de> <BN6PR01MB2451FBD3E8B944E47F208D8E8D330@BN6PR01MB2451.prod.exchangelabs.com> <20180820104418.20cd6909.freebsd@edvax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 20 Aug 2018 10:44:18 +0200 Polytropon <freebsd@edvax.de> wrote: > Re-including list, hope that's okay. > > On Sun, 19 Aug 2018 20:49:19 +0000, Arturo Rafael Ramírez Briceño wrote: > > In the context of "preventing the nodes of the same lan from being > > seen" is to say that files, printers, and other resources can not > > be shared on the network; but nevertheless, through the server, each > > node can access the internet. If possible, how can I do it? > > This doesn't really look like a task for a firewall, but This can be achieved with the combination of a router and a managed switch. Assign each node its own VLAN and set the switch up so that each node's port is on the node's VLAN untagged and the routers port is on all the VLANS tagged. The router provides routes between the internet and the VLANs but not between the VLANs and enforces this with firewall rules. Essentially this is like having a router with a lot of ports and one node on each port (which is another solution). If your nodes are on a wireless LAN then the AP can probably isolate them from each other for you. > instead I'd suggest to take a close look at resource > management at the individual nodes. Simply don't enable This is good advice and simpler - if you want enforced isolation it is more complex. -- Steve O'Hara-Smith <steve@sohara.org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180820115946.90c2f5adad5e5181f02b788e>