Security Basics mailing list archives

Re: firewall on the same segment


From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Wed, 10 Sep 2003 20:49:54 +0200

On 2003-09-10 Fernando Serto wrote:
> I always installed firewalls to prevent access from internet to the
> internal network, or from one network to another, but I was asked to
> install a firewall ON the LAN, to deny access to a few boxes. For
> example, the network address is 192.168.100.0/24, firewall's ip is
> 192.168.100.1 and I need to block access to a specific server which ip
> is 192.168.100.3.

I see (from my very limited perspective ;) two approaches to solve your
problem:

- move the server to another subnet and deny/allow access on the router
  between the subnets
- install and configure iptables on the server itself (provided it's
  running Linux)

You can't filter this kind of traffic on your regular firewall. The
packets don't travel host1->firewall->host2 but rather host1->host2,
because the hosts are on the same subnet.

HTH

Regards
Ansgar Wiechers
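Ansgar's second option, host-based filtering with iptables on the protected server, written out as an added example; it is not part of the original thread and not Ansgar's code. It assumes the server is 192.168.100.3 and runs Linux with iptables, that a single management host 192.168.100.10 should still reach it on TCP/22, and that everything else on the /24, the 192.168.100.1 firewall included, is to be dropped. The allowed host and port are assumptions (the thread names neither), as is the script name lan-filter.sh. The script prints the rule set by default and only loads it when invoked with `apply`, so the rules can be reviewed first.

```shell
#!/bin/sh
# Host-based filtering on the protected LAN server with iptables.
# Added example, not from the original post. Assumed values: the server is
# 192.168.100.3, the only host allowed in is 192.168.100.10, and only TCP/22
# is exposed to it. Override any of them via the environment.

SERVER_IP="${SERVER_IP:-192.168.100.3}"
ALLOWED_HOSTS="${ALLOWED_HOSTS:-192.168.100.10}"   # space-separated
ALLOWED_PORTS="${ALLOWED_PORTS:-22}"               # space-separated TCP ports

# Emit the iptables commands for a given server IP, allowed hosts and ports.
# Kept as a generator so the rule set can be reviewed (or tested) before it
# touches the kernel.
rules_for() {
    server="$1"; hosts="$2"; ports="$3"
    # Start from an empty INPUT chain. OUTPUT is left open because the
    # requirement is to stop other LAN hosts reaching the server, not the
    # reverse.
    echo "iptables -F INPUT"
    # Loopback and replies to the server's own connections are always fine.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT per allowed (host, port) pair; new connections only.
    for host in $hosts; do
        for port in $ports; do
            echo "iptables -A INPUT -s $host -d $server -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
    # Everything else (the 192.168.100.1 firewall and the rest of the /24
    # included) falls through to the DROP policy; log a rate-limited sample
    # first so blocked access attempts show up in the kernel log.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"LAN-DROP: \""
    # Default-deny is set last: an admin loading this over SSH from an
    # allowed host keeps the session, because the ACCEPT rules already exist.
    echo "iptables -P INPUT DROP"
}

# Number of commands a configuration produces: five fixed lines plus one
# ACCEPT per host/port pair. A quick sanity check before applying.
rule_count() {
    rules_for "$1" "$2" "$3" | grep -c .
}

case "${1:-}" in
    apply) rules_for "$SERVER_IP" "$ALLOWED_HOSTS" "$ALLOWED_PORTS" | sh -e ;;   # needs root
    *)     rules_for "$SERVER_IP" "$ALLOWED_HOSTS" "$ALLOWED_PORTS" ;;           # dry run: print only
esac
```

Run `sh lan-filter.sh` to review the generated rules and `sh lan-filter.sh apply` as root to load them. The ESTABLISHED,RELATED rule means the server can still open connections of its own; only inbound new connections from hosts other than the allowed ones are dropped. Since the filter lives on the server itself, anyone with root on that box can remove it, which is the trade-off against Ansgar's first option of putting the server behind a router.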
