Router security issue

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Hi

I've just found this group, and I hope you can help me figure this
out. I want to set up a router with firewall so that its not possible
for a handful of computers all connected to DSL to see each other,
even if one tries to do something naughty.

Although I'm au fait with win, networking is one area I've had little
experience with.

The end user machines will be assorted specs & OSes, mostly win 98/xp/
vista. The network is all cat5e wired, with cable internet.


thanks, NT

Re: Router security issue
On Oct 23, 2:27=A0am, meow2...@care2.com wrote:
Quoted text here. Click to load it

if i got it right, you mean, you want the hosts in your local network
not to be able even ping each other except the gateway-DSL router-
modem (or just the router ip)

if so, you don't need a firewall, you need an access control mechanism
(it may be called firewall, but not exactly)

if you obtain a basic cisco router with two fastetherent port; you can
apply the access list rules below:

1) first of all; suppose that fasteth 1 is your wan (DSL modem) site
and fasteth 2 is your local network site:

2) suppose that your local network range is 192.168.1.0 / 24
(255.255.255.0) and gateway is 192.168.1.1

3) enter the commands in cli below:


router(config)# access list 10 permit ip any host 192.168.1.1
router(config)# access list 10 deny ip any 192.168.1.0 0.0.0.255
router(config)# access list 10 permit ip any any
router(config)# interface fastethernet 2
router(config-if)# ip access-group 10 in

--------------------------------------------------------------------

the first line allows the packets destined to gateway (if this rule is
matched, then the second line rule is ignored)
the second line drops the packets destined to local network
the third line allows other packets wherever they are destined to
the fifth line command applies the access list 10 to the fastethernet
interface 2 (may be 1/2) for inbound traffic to that interface.

sorry not to mention other basic configs for router such as ip
address, no shut etc.

the other solution for your problem you can use a computer which runs
linux with two eth card and deploy it as a router between your local
netw. and dsl modem.
then you have to write a script with IPTABLES as access control like
the one above.

good luck

Site Timeline