VLANs is this right?

Modulok modulok at gmail.com
Mon Jul 5 17:30:15 UTC 2010


It was a simplified diagram of what I thought I needed. (Which may or
may not be what I actually need!)

Basically, I want a port on the switch that I can plug un-trusted
devices into. Systems which are known to be just crawling with
malicious software. I need to provide them with an Internet
connection, but otherwise want them separated from everybody else.
Think DMZ isolation, but they're not providing any 'external'
services. I was wondering if this could be done with tagging and
address aliases, instead of buying a third network card for the BSD
machine.

If that makes any sense.


On 7/5/10, David Kelly <dkelly at hiwaay.net> wrote:
> On Mon, Jul 05, 2010 at 10:16:19AM -0600, Modulok wrote:
>>
>> Criteria:
>>     - HostA must never directly talk to HostB.
>>     - Both hostA and hostB have an Internet connection.
>>
>> What I have to work with:
>>     proCurve switch which supports VLANs.
>>     2x Intel NICs in FreeBSD which support VLANs.
>
> Am thinking you are approaching it the wrong way.
>
> Not familiar with the specifics of a ProCurve switch but that's a high
> end unit, not a Netgear. I would expect you could configure the switch
> to disallow the MAC addresses from talking to each other of hostA and
> hostB.
>
> Furthermore, it would be even easier to disallow hostB from within
> hostA's firewall. And do the same at hostB.
>
> --
> David Kelly N4HHE, dkelly at HiWAAY.net
> ========================================================================
> Whom computers would destroy, they must first drive mad.
>
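
One way the tagged setup asked about above could look on the FreeBSD side. This is an added example, not part of the original thread. The interface names (em0, em1), VLAN IDs (10, 20) and subnets are assumptions chosen for illustration, and the switch is assumed to carry both VLANs tagged on the port facing em1, with the untrusted port an untagged member of VLAN 20.

```conf
# ---- /etc/rc.conf (fragment) ----
# Assumed layout: em0 = Internet uplink, em1 = 802.1Q trunk to the switch.
gateway_enable="YES"
pf_enable="YES"
ifconfig_em0="DHCP"
ifconfig_em1="up"                          # parent carries only tagged frames
vlans_em1="10 20"                          # creates em1.10 and em1.20
ifconfig_em1_10="inet 192.168.10.1/24"     # trusted hosts (assumed subnet)
ifconfig_em1_20="inet 192.168.20.1/24"     # untrusted port (assumed subnet)

# ---- /etc/pf.conf ----
# Each VLAN is its own layer-2 segment, so the only path between the two
# subnets is through this box, and pf decides what is forwarded.
ext_if   = "em0"
lan_if   = "em1.10"
quar_if  = "em1.20"
lan_net  = "192.168.10.0/24"
quar_net = "192.168.20.0/24"
table <private> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo0

# Both segments share the single uplink.
nat on $ext_if inet from { $lan_net, $quar_net } to any -> ($ext_if)

# Default deny, logged so stray traffic from the untrusted port is visible.
block log all

# Untrusted VLAN: public Internet only. Every private range is excluded,
# which covers the trusted subnet and the firewall's own addresses.
# Hosts there need a static address and a public resolver unless DHCP and
# DNS rules are added for $quar_if.
pass in on $quar_if inet from $quar_net to ! <private>

# Trusted VLAN: anything except the untrusted subnet.
pass in on $lan_if inet from $lan_net to ! $quar_net

# Forwarded and locally generated traffic leaving via the uplink.
pass out on $ext_if inet
```

Logged drops can be watched with `tcpdump -n -e -i pflog0` once pflog is enabled.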

