Re: [Vyatta-users] Firewall: block internal telnet
Okay, thanks for the replies. People, help with this please: how can I block ssh on the router, i.e. 192.168.10.45, using the firewall? I want to give ssh access to, say, only IP xxx.xxx.xxx.xxx

On 30/01/2008, Beau Walker [EMAIL PROTECTED] wrote:

You'll want to ask the List that. I could only answer your last question because the answer wasn't specific to Vyatta.

Beau Walker - CCNA, Linux+

--
*From:* Go Wow [mailto:[EMAIL PROTECTED]
*Sent:* Tuesday, January 29, 2008 3:10 PM
*To:* Beau Walker
*Subject:* Re: [Vyatta-users] Firewall: block internal telnet

Okay, how can I block ssh on the router, i.e. 192.168.10.45, using the firewall? I want to give ssh access to, say, only IP xxx.xxx.xxx.xxx

--
Those that make the rule don't play the game!!

___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users

[Vyatta-users] Firewall: block internal telnet
Hi,

I want to configure my firewall so that it blocks the internal systems from telnet'ing each other. My config is:

eth0 192.168.10.45 (acting as WAN)
eth1 192.168.1.1 (Internal Lan)

Re: [Vyatta-users] Firewall: block internal telnet
I believe you'd have to set up a firewall on each PC to block telnet access from the local subnet, or start using VLANs. The telnet traffic will connect to your internal systems just by going through your switches with the current configuration. The router will never even see the traffic.

Beau Walker - CCNA, Linux+

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Go Wow
Sent: Tuesday, January 29, 2008 2:51 PM
To: [EMAIL PROTECTED]
Subject: [Vyatta-users] Firewall: block internal telnet

Hi,

I want to configure my firewall so that it blocks the internal systems from telnet'ing each other. My config is:

eth0 192.168.10.45 (acting as WAN)
eth1 192.168.1.1 (Internal Lan)

Re: [Vyatta-users] Firewall: block internal telnet
See the Vyatta docs at http://www.vyatta.com/documentation/index.php; there are examples in the firewall chapters.

Best,
Justin

On Jan 29, 2008 12:17 PM, Go Wow [EMAIL PROTECTED] wrote:

Okay, thanks for the replies. People, help with this please: how can I block ssh on the router, i.e. 192.168.10.45, using the firewall? I want to give ssh access to, say, only IP xxx.xxx.xxx.xxx

On 30/01/2008, Beau Walker [EMAIL PROTECTED] wrote:

You'll want to ask the List that. I could only answer your last question because the answer wasn't specific to Vyatta.

Beau Walker - CCNA, Linux+

From: Go Wow [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 29, 2008 3:10 PM
To: Beau Walker
Subject: Re: [Vyatta-users] Firewall: block internal telnet

Okay, how can I block ssh on the router, i.e. 192.168.10.45, using the firewall? I want to give ssh access to, say, only IP xxx.xxx.xxx.xxx

--
Those that make the rule don't play the game!!

Re: [Vyatta-users] Firewall: block internal telnet
This is my firewall config. Look at rule 2: 192.168.10.2 is my gateway. I added it thinking that my internal LAN users would still have access to the internet, but they aren't having it. Can someone tell me why, or give me some pointers please?

firewall {
    log-martians: enable
    send-redirects: disable
    receive-redirects: disable
    ip-src-route: disable
    broadcast-ping: disable
    syn-cookies: enable
    name Rule-1 {
        rule 1 {
            protocol: tcp
            action: accept
            log: disable
            source {
                network: 0.0.0.0/0
            }
            destination {
                port-name ssh
            }
        }
        rule 2 {
            protocol: all
            action: accept
            log: disable
            source {
                address: 192.168.10.2
            }
        }
        rule 3 {
            protocol: tcp
            action: accept
            log: disable
            source {
                network: 0.0.0.0/0
            }
            destination {
                port-number 81
                port-name http
                port-name https
            }
        }
    }
}

On 30/01/2008, Go Wow [EMAIL PROTECTED] wrote:

How do I do this? My eth0 is WAN and eth1 is Internal LAN. I want to unblock Internet for internal users, and I should also have ssh and webgui interfaces; all the rest should be blocked. How do I do this?

--
Those that make the rule don't play the game!!

Re: [Vyatta-users] Firewall: block internal telnet
And I have added it to eth0 for in and local traffic only.

On 30/01/2008, Go Wow [EMAIL PROTECTED] wrote:

This is my firewall config. Look at rule 2: 192.168.10.2 is my gateway. I added it thinking that my internal LAN users would still have access to the internet, but they aren't having it. Can someone tell me why, or give me some pointers please?

firewall {
    log-martians: enable
    send-redirects: disable
    receive-redirects: disable
    ip-src-route: disable
    broadcast-ping: disable
    syn-cookies: enable
    name Rule-1 {
        rule 1 {
            protocol: tcp
            action: accept
            log: disable
            source {
                network: 0.0.0.0/0
            }
            destination {
                port-name ssh
            }
        }
        rule 2 {
            protocol: all
            action: accept
            log: disable
            source {
                address: 192.168.10.2
            }
        }
        rule 3 {
            protocol: tcp
            action: accept
            log: disable
            source {
                network: 0.0.0.0/0
            }
            destination {
                port-number 81
                port-name http
                port-name https
            }
        }
    }
}

On 30/01/2008, Go Wow [EMAIL PROTECTED] wrote:

How do I do this? My eth0 is WAN and eth1 is Internal LAN. I want to unblock Internet for internal users, and I should also have ssh and webgui interfaces; all the rest should be blocked. How do I do this?

--
Those that make the rule don't play the game!!

--
Those that make the rule don't play the game!!
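
Added example (not part of the original thread, and not Vyatta code): a small Python model of the posted rule set "Rule-1", showing which rule a packet arriving on eth0 matches and why replies from Internet hosts to LAN clients match none of them. It assumes first-match evaluation with a drop when no rule matches; the sample addresses, the packet fields and the state-matching rule 4 are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Model of the posted rule set "Rule-1" as applied to eth0 (in/local).
# Assumption: first matching rule wins; no match means the packet is dropped.
RULES = [
    {"id": 1, "proto": "tcp", "src": "0.0.0.0/0", "dports": {22}},
    {"id": 2, "proto": "all", "src": "192.168.10.2/32", "dports": None},
    {"id": 3, "proto": "tcp", "src": "0.0.0.0/0", "dports": {81, 80, 443}},
]
# Hypothetical extra rule for this model only (not Vyatta syntax): accept
# packets that belong to a connection the LAN side already opened.
STATEFUL_RULE = {"id": 4, "proto": "all", "src": "0.0.0.0/0",
                 "dports": None, "state": "established"}

@dataclass
class Packet:
    proto: str
    src: str
    dport: int
    state: str = "new"  # "new" or "established"

def matches(rule, pkt):
    if rule["proto"] not in ("all", pkt.proto):
        return False
    if ip_address(pkt.src) not in ip_network(rule["src"]):
        return False
    if rule["dports"] is not None and pkt.dport not in rule["dports"]:
        return False
    return rule.get("state") in (None, pkt.state)

def verdict(rules, pkt):
    for rule in rules:
        if matches(rule, pkt):
            return f"accept (rule {rule['id']})"
    return "drop (no rule matched)"

# Constructed sample packets arriving on eth0.
SSH_IN = Packet("tcp", "198.51.100.7", 22)  # any source reaches ssh via rule 1
# Reply from a web server to a LAN client: the source is the server, not the
# gateway 192.168.10.2, and the destination is the client's ephemeral port.
WEB_REPLY = Packet("tcp", "203.0.113.10", 51514, state="established")
FROM_GATEWAY = Packet("udp", "192.168.10.2", 33000)

if __name__ == "__main__":
    samples = [("ssh in", SSH_IN), ("web reply", WEB_REPLY), ("gateway", FROM_GATEWAY)]
    for name, pkt in samples:
        print(f"{name:10} posted: {verdict(RULES, pkt):24} "
              f"with rule 4: {verdict(RULES + [STATEFUL_RULE], pkt)}")
```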