Antony Stone wrote:
> 
> On Friday 19 April 2002 5:18 pm, Arindam Haldar wrote:
> > YES ! i mean windows network neighborhood !
> > how can a client only see his network pc in his network & not others !
> 
> 1. Turn off Windows Networking ?   (Don't ask us here how to do that - this
> is a netfilter mailing list :-)
> 2. You can't stop a peer-to-peer network with a firewall.   Windows
> Networking is peer-to-peer, and netfilter is a firewall.   Unless you put
> every client on its own subnet (which would involve an awful lot of network
> cards !) you won't stop them talking to each other using netfilter, because
> they're not going through the firewall.

though...extending that thought a bit further...use 802.1q VLAN tagging.
Connect each physical ethernet port to a specific VLAN port on a
802.1q-capable switch (cisco, HP, etc) and route through a 802.1q capable
linux box. 

802.1q support is now built into kernels > 2.4.15 and you can add a vlan
interface (akin to an IP alias) for each VLAN on your switch. Each PC can
continue to use DHCP thru that VLAN interface and can be prevented from
"seeing" any other VLAN interface using iptables. 
Example: http://www.planetconnect.com/vlan/
(note: example was written before 802.1q support was in kernel)

or...install a firewall app on each node PC. Perhaps one that can be centrally
managed (e.g. blackice, zonelabs ntegrity, etc?)

Can't say how practical any of these 2 cents worth of ideas might be, but...
--
Doug Monroe
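
As an added example (not from Doug's post or the planetconnect page), the VLAN-per-client layout described above, written with modern iproute2/iptables syntax rather than the 2002-era vconfig tool; the trunk/uplink interface names, VLAN IDs and 10.0.<id>.0/24 addressing are assumptions. By default it only prints the commands; set CMD_PREFIX= (empty) to execute them as root.

```shell
#!/bin/sh
# Assumed layout: eth1 is the 802.1q trunk to the switch, eth0 the uplink,
# one VLAN per client port. Default: echo commands instead of running them.
TRUNK=eth1
UPLINK=eth0
VLANS="10 20 30"
CMD_PREFIX=${CMD_PREFIX-echo}

# One tagged sub-interface per VLAN, acting as that VLAN's default gateway.
setup_vlan_ifaces() {
  for id in $VLANS; do
    $CMD_PREFIX ip link add link "$TRUNK" name "$TRUNK.$id" type vlan id "$id"
    $CMD_PREFIX ip addr add "10.0.$id.1/24" dev "$TRUNK.$id"
    $CMD_PREFIX ip link set "$TRUNK.$id" up
  done
}

# Routed traffic between VLANs passes the FORWARD chain, so it can be
# filtered here. Hosts on the SAME VLAN still talk via the switch and are
# never seen by the firewall, which is why it must be one VLAN per client.
isolate_vlans() {
  $CMD_PREFIX iptables -P FORWARD DROP
  $CMD_PREFIX iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  for id in $VLANS; do
    # each VLAN may reach the uplink and nothing else
    $CMD_PREFIX iptables -A FORWARD -i "$TRUNK.$id" -o "$UPLINK" -j ACCEPT
    # log attempted cross-VLAN traffic (NetBIOS browsing, SMB, ...) then drop it
    $CMD_PREFIX iptables -A FORWARD -i "$TRUNK.$id" ! -o "$UPLINK" -j LOG --log-prefix "vlan-xtalk: "
    $CMD_PREFIX iptables -A FORWARD -i "$TRUNK.$id" ! -o "$UPLINK" -j DROP
  done
}

setup_vlan_ifaces
isolate_vlans
```

Broadcast-based Network Neighborhood discovery never crosses a VLAN boundary, and the FORWARD policy stops routed access to the other VLANs' subnets; the LOG rule gives a visible trace of any client that tries.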
