I recently purchased a NETGEAR FVS328 firewall. I am trying to configure it to block ANY traffic from a range of internal addresses ("LAN Users" in NETGEAR's jargon).
While the FVS328 lets me specify a range of addresses, it doesn't have an option to block ALL traffic from that range. It only allows me to specify one service per rule to be blocked. While I could enter as many rules as there are services in the listbox FVS328 provides, this is tedious (and most probably doesn't block ALL traffic?).
The list of services currently "blockable" by FVS328 is:
AIM(TCP:5190) BGP(TCP:179) BOOTP_CLIENT(UDP:68) BOOTP_SERVER(UDP:67..68) CU-SEEME(TCP/UDP:7648) DNS(TCP/UDP:53) FINGER(TCP:79) FTP(TCP:21) H.323(TCP:1720) HTTP(TCP:80) HTTPS(TCP:443) ICQ(TCP:5190) IRC(TCP/UDP:6660..6669) NEWS(TCP:119) NFS(UDP:2049) NNTP(TCP:119) POP3(TCP:110) PPTP(TCP:1723) RCMD(TCP:512) REAL-AUDIO(TCP:7070) REXEC(TCP:514) RLOGIN(TCP:513) RTELNET(TCP:107) RTSP(TCP/UDP:554) SFTP(TCP:115) SMTP(TCP:25) SNMP(TCP/UDP:161) SNMP-TRAPS(TCP/UDP:162) SQL-NET(TCP:1521) SSH(TCP/UDP:22) STRMWORKS(UDP:1558) TACACS(UDP:49) TELNET(TCP:23) TFTP(UDP:69) VDOLIVE(TCP:7000) IMAP2(TCP:143) IMAP3(TCP:220) PING(ICMP:8) ICMP-INFO(ICMP:3..11) ICMP-TIMESTAMP(ICMP:13)
Any suggestions on how to work around this problem?
I don't mind so much about the tedious part, but I *would* like to block ALL possible outgoing ports for a certain range of IP addresses (assigned for internal LAN access only). Is this possible with the FVS328?
I could do it quite easily with my Linux box running ipchains or iptables, but that Linux box no longer serves as the Internet gateway for my LAN.
Thanks, Daniel
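As an added illustration of the difference between the two approaches the question contrasts (this is not part of Daniel's post, and it is iptables on a Linux gateway, not anything the FVS328 itself offers), the script below generates two rule sets for an internal address range: one rule per protocol/port taken from service entries written in the FVS328's own `NAME(PROTO:PORT)` notation, and a single range-wide DROP that covers every protocol and port. The address range `192.168.1.200-192.168.1.250` and the LAN-side interface name `eth1` are constructed placeholders; `-m iprange --src-range` is a standard iptables match. The functions only print the commands, so the output can be reviewed and then piped to `sh` as root on the gateway.

```shell
#!/bin/sh
# Added example, not from the original post. Prints iptables commands that
# block traffic from an internal address range; it does not run them.

# Per-service rules, the way a one-service-per-rule firewall forces you to
# work. Entries use the FVS328 list notation, e.g. HTTP(TCP:80) or
# IRC(TCP/UDP:6660..6669). Only TCP/UDP entries are handled here; ICMP
# entries would need --icmp-type instead of --dport.
per_service_rules() {
    low=$1; high=$2; shift 2
    for svc in "$@"; do
        # protocol list between "(" and ":", e.g. TCP or TCP/UDP
        protos=$(printf '%s' "$svc" | sed 's/^[^(]*(\([^:]*\):.*$/\1/')
        # port or port range after ":", with ".." rewritten to iptables' ":"
        ports=$(printf '%s' "$svc" | sed 's/^[^(]*([^:]*:\([^)]*\)).*$/\1/; s/\.\./:/')
        for p in $(printf '%s' "$protos" | tr '/' ' '); do
            proto=$(printf '%s' "$p" | tr 'A-Z' 'a-z')
            printf 'iptables -A FORWARD -p %s -m iprange --src-range %s-%s --dport %s -j DROP\n' \
                "$proto" "$low" "$high" "$ports"
        done
    done
    # Anything not named above (other ports, other protocols) is NOT blocked.
}

# Range-wide rules: everything from the range is dropped, whatever the
# protocol or port. $3 is the LAN-side interface (constructed default eth1).
block_range_rules() {
    low=$1; high=$2; lan_if=${3:-eth1}
    # traffic routed through the gateway toward the Internet
    printf 'iptables -I FORWARD 1 -i %s -m iprange --src-range %s-%s -j DROP\n' \
        "$lan_if" "$low" "$high"
    # traffic aimed at the gateway itself (its DNS, its admin interface)
    printf 'iptables -I INPUT 1 -i %s -m iprange --src-range %s-%s -j DROP\n' \
        "$lan_if" "$low" "$high"
}

count_lines() { "$@" | wc -l | tr -d ' '; }

# Dry run with constructed values; compare the length of the two outputs.
per_service_rules 192.168.1.200 192.168.1.250 "HTTP(TCP:80)" "IRC(TCP/UDP:6660..6669)"
block_range_rules 192.168.1.200 192.168.1.250 eth1
```

The per-service generator shows why enumerating the listbox is not a complete block: every rule names one protocol and port, so any service absent from the list passes untouched. The two range-wide rules are what "block ALL traffic from these addresses" actually looks like; `-I ... 1` puts them ahead of any allow rules so nothing earlier in the chain can accept the traffic first.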