I know this is not Linux-related, but I wanted to gain the network wisdom of the list nonetheless. If I shouldn't post such a question again to this list, I'll let the moderator(s) yell at me :-)

I have a Dell 6224 managed switch. This is all on an isolated LAN - I want a scenario where I allow all protocols - ip, tcp, udp, icmp, igmp - to pass between one external host and a handful of hosts on the switch, blocking any other hosts on the switch from talking to the handful of hosts and to the external host, and blocking the external host from talking to the "other hosts" on the switch.

I set up some rules as follows:

  access-list test10 permit ip 192.168.1.5 0.0.0.0 172.16.1.10 0.0.0.0
  access-list test10 permit udp 192.168.1.5 0.0.0.0 172.16.1.10 0.0.0.0
  [snip - repeated for rest of protocols]
  access-list test10 permit ip 172.16.1.10 0.0.0.0 192.168.1.5 0.0.0.0
  access-list test10 permit udp 172.16.1.10 0.0.0.0 192.168.1.5 0.0.0.0
  [snip - repeated for rest of protocols]

  access-list test20 permit ip 192.168.1.6 0.0.0.0 172.16.1.10 0.0.0.0
  access-list test20 permit udp 192.168.1.6 0.0.0.0 172.16.1.10 0.0.0.0
  [snip - repeated for rest of protocols]
  access-list test20 permit ip 172.16.1.10 0.0.0.0 192.168.1.6 0.0.0.0
  access-list test20 permit udp 172.16.1.10 0.0.0.0 192.168.1.6 0.0.0.0
  [snip - repeated for rest of protocols]

No other hosts (192.168.x.y), whether on the LAN or another switch feeding this one, should be able to reach 172.16.1.10 after the rules are in place, nor should 172.16.1.10 be able to reach any other hosts on the 192.168.x.y network other than those in the access-list.

Is that all that is needed, or do I need some kind of deny line, or anything else? Also, what flexibility do I have if I want to disable the rules for some reason, then re-enable them, without having to re-enter them?

Thanks much in advance.

Scott
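Added example, not part of Scott's post: a small Python model of how a Cisco-style access list like the one above is evaluated, covering wildcard-mask matching (0 bits must match, 1 bits are don't-care), first-match-wins ordering, and the implicit deny that drops any packet no rule permits. It assumes the Dell 6224 follows those Cisco-style semantics, which the post does not confirm. The test10 and test20 lines are taken from the post; the test30 list, the "deny" rule and the extra host addresses are constructed for illustration, and they take the example a little beyond the post by showing a non-zero wildcard mask (a whole /24) and a deny placed ahead of a broader permit.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample: the two lists from the post (protocol lines beyond ip/udp
# omitted, as in the post) plus a hypothetical third list, test30, that uses a
# non-zero wildcard mask and an explicit deny ahead of a broader permit.
ACL_TEXT = """
access-list test10 permit ip 192.168.1.5 0.0.0.0 172.16.1.10 0.0.0.0
access-list test10 permit udp 192.168.1.5 0.0.0.0 172.16.1.10 0.0.0.0
access-list test10 permit ip 172.16.1.10 0.0.0.0 192.168.1.5 0.0.0.0
access-list test10 permit udp 172.16.1.10 0.0.0.0 192.168.1.5 0.0.0.0
access-list test20 permit ip 192.168.1.6 0.0.0.0 172.16.1.10 0.0.0.0
access-list test20 permit ip 172.16.1.10 0.0.0.0 192.168.1.6 0.0.0.0
access-list test30 deny ip 192.168.1.99 0.0.0.0 172.16.1.10 0.0.0.0
access-list test30 permit ip 192.168.1.0 0.0.0.255 172.16.1.10 0.0.0.0
"""


def _ip(text: str) -> int:
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def _wild_match(base: int, wild: int, addr: int) -> bool:
    """Wildcard-mask comparison: a 0 bit in the mask must match, a 1 bit is ignored."""
    care = ~wild & 0xFFFFFFFF
    return (base & care) == (addr & care)


@dataclass
class Rule:
    action: str    # "permit" or "deny"
    proto: str     # "ip" matches every IP protocol; otherwise tcp/udp/icmp/igmp
    src: int
    src_wild: int
    dst: int
    dst_wild: int

    def matches(self, proto: str, src: int, dst: int) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        return (_wild_match(self.src, self.src_wild, src)
                and _wild_match(self.dst, self.dst_wild, dst))


def parse_acls(text: str) -> dict[str, list[Rule]]:
    """Parse 'access-list NAME ACTION PROTO SRC SRC_WILD DST DST_WILD' lines, keeping order."""
    acls: dict[str, list[Rule]] = {}
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 8 or parts[0] != "access-list":
            continue  # blank or unrelated line
        _, name, action, proto, s, sw, d, dw = parts
        acls.setdefault(name, []).append(
            Rule(action, proto, _ip(s), _ip(sw), _ip(d), _ip(dw)))
    return acls


def evaluate(rules: list[Rule], proto: str, src: str, dst: str) -> str:
    """Return the action of the first rule that matches the packet.

    Assumption: rules are evaluated top-down and a packet that matches no rule
    is dropped, i.e. the implicit deny at the end of a Cisco-style ACL.
    """
    s, d = _ip(src), _ip(dst)
    for r in rules:
        if r.matches(proto, s, d):
            return r.action
    return "deny (implicit)"


ACLS = parse_acls(ACL_TEXT)


def check(acl_name: str, proto: str, src: str, dst: str) -> str:
    """Evaluate one packet against the named list."""
    return evaluate(ACLS[acl_name], proto, src, dst)


if __name__ == "__main__":
    for acl, proto, src, dst in [
        ("test10", "tcp", "192.168.1.5", "172.16.1.10"),   # covered by the "ip" rule
        ("test10", "tcp", "192.168.1.7", "172.16.1.10"),   # no matching rule -> implicit deny
        ("test10", "udp", "192.168.1.6", "172.16.1.10"),   # .6 is only listed in test20
        ("test30", "tcp", "192.168.1.99", "172.16.1.10"),  # deny sits ahead of the /24 permit
        ("test30", "tcp", "192.168.1.50", "172.16.1.10"),  # permitted via the 0.0.0.255 wildcard
    ]:
        print(f"{acl}: {proto} {src} -> {dst}: {check(acl, proto, src, dst)}")
```

Two things the model makes visible: a host that appears in no permit line of a given list is dropped by the implicit deny without any explicit deny line, and a host listed in test20 is still unmatched when only test10 is consulted, so which list is bound to which interface (and in which direction) decides what is actually filtered. The model does not cover interface binding itself.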