Router security issue - Firewalls


  1. Router security issue

    Hi

    I've just found this group, and I hope you can help me figure this
    out. I want to set up a router with firewall so that it's not possible
    for a handful of computers all connected to DSL to see each other,
    even if one tries to do something naughty.

    Although I'm au fait with win, networking is one area I've had little
    experience with.

    The end user machines will be assorted specs & OSes, mostly win 98/xp/
    vista. The network is all cat5e wired, with cable internet.


    thanks, NT

  2. Re: Router security issue

    On Oct 23, 2:27 am, meow2...@care2.com wrote:
    > Hi
    >
    > I've just found this group, and I hope you can help me figure this
    > out. I want to set up a router with firewall so that it's not possible
    > for a handful of computers all connected to DSL to see each other,
    > even if one tries to do something naughty.
    >
    > Although I'm au fait with win, networking is one area I've had little
    > experience with.
    >
    > The end user machines will be assorted specs & OSes, mostly win 98/xp/
    > vista. The network is all cat5e wired, with cable internet.
    >
    > thanks, NT


    if I got it right, you mean you want the hosts in your local network
    not to be able to even ping each other, except the gateway-DSL router-
    modem (or just the router IP)

    if so, you don't need a firewall, you need an access control mechanism
    (it may be called firewall, but not exactly)

    if you obtain a basic Cisco router with two fastethernet ports, you can
    apply the access list rules below:

    1) first of all, suppose that fasteth 1 is your WAN (DSL modem) side
    and fasteth 2 is your local network side:

    2) suppose that your local network range is 192.168.1.0 / 24
    (255.255.255.0) and gateway is 192.168.1.1

    3) enter the commands in cli below:


    router(config)# access-list 110 permit ip any host 192.168.1.1
    router(config)# access-list 110 deny ip any 192.168.1.0 0.0.0.255
    router(config)# access-list 110 permit ip any any
    router(config)# interface fastethernet 2
    router(config-if)# ip access-group 110 in

    --------------------------------------------------------------------

    the first line allows the packets destined to the gateway (if this rule
    is matched, then the second line rule is ignored)
    the second line drops the packets destined to the local network
    the third line allows other packets wherever they are destined to
    the fifth line command applies the access list 110 to the fastethernet
    interface 2 (may be 1/2) for inbound traffic to that interface.

    sorry not to mention other basic configs for router such as ip
    address, no shut etc.

    the other solution for your problem: you can use a computer which runs
    Linux with two eth cards and deploy it as a router between your local
    netw. and DSL modem.
    then you have to write a script with iptables as access control like
    the one above.

    good luck
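
The first-match behaviour described in the reply, as an added example that is not part of the original posts: a small Python model of the three access-list entries, evaluated against constructed packets. It models only the destination match (the source is `any` in every entry) and assumes the packet actually arrives on the router's LAN interface; frames a switch delivers directly between two hosts are never evaluated by the router.

```python
import ipaddress

# The three entries from the reply as (action, destination, wildcard mask).
# The source is "any" in every entry, so only the destination is modelled.
ACL = [
    ("permit", "192.168.1.1", "0.0.0.0"),          # host 192.168.1.1 (gateway)
    ("deny",   "192.168.1.0", "0.0.0.255"),        # rest of the local /24
    ("permit", "0.0.0.0",     "255.255.255.255"),  # any
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the mask means 'ignore this bit'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, dst):
    """Return (action, entry number) of the first entry that matches dst."""
    for i, (action, base, wildcard) in enumerate(acl, start=1):
        if wildcard_match(dst, base, wildcard):
            return action, i
    return "deny", None  # IOS ends every ACL with an implicit "deny any"

def report(acl, packets):
    """Evaluate each (src, dst) pair; returns (src, dst, action, entry)."""
    return [(src, dst) + evaluate(acl, dst) for src, dst in packets]

# Constructed sample packets (source, destination); addresses are illustrative.
PACKETS = [
    ("192.168.1.20", "192.168.1.1"),    # host -> gateway
    ("192.168.1.20", "192.168.1.30"),   # host -> neighbour on the same /24
    ("192.168.1.20", "203.0.113.7"),    # host -> internet (documentation range)
    ("192.168.1.20", "192.168.1.255"),  # host -> subnet broadcast
]

if __name__ == "__main__":
    for src, dst, action, entry in report(ACL, PACKETS):
        print(f"{src:>14} -> {dst:<14} {action:6} (entry {entry})")
    # Swapping entries 1 and 2 shows why order matters: the deny for the
    # whole /24 now matches first and the gateway itself becomes unreachable.
    swapped = [ACL[1], ACL[0], ACL[2]]
    print("reordered, to gateway:", evaluate(swapped, "192.168.1.1"))
```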
