Hello,

I'm trying to restrict traffic between two networks.

I have work computers on the 10.10.0.0/24 network and development  
computers on the 10.20.0.0/24 network. I want to prevent the  
development computers from accessing anything on the 10.10.0.0/24  
network, while still allowing ssh, ftp, and rdp (Remote Desktop Protocol)  
connections from the work computers to the development computers.

I've been experimenting with firewall rules, and any time I enable rule  
4, all traffic from the development network stops. Currently, I have  
unrestricted routing working in both directions.


Here is my running configuration:

/*XORP Configuration File, v1.0*/
protocols {
     }
}
policy {
}
interfaces {
     /* Neither interface carries a firewall attachment in this snapshot, so the
        FW-1 ruleset defined below is not applied to any traffic as shown. The
        reported effect of rule 4 implies it was attached when tested. */
     ethernet eth0 {
         disable: false
         discard: false
         hw-id: 00:0e:0c:b8:4d:12
         duplex: "auto"
         speed: "auto"
         /* Work-side address on 10.10.0.0/24. */
         address 10.10.0.199 {
             prefix-length: 24
             disable: false
         }
     }
     ethernet eth1 {
         disable: false
         discard: false
         hw-id: 00:0e:0c:b8:4c:65
         duplex: "auto"
         speed: "auto"
         /* Development-side address on 10.20.0.0/24. */
         address 10.20.0.1 {
             prefix-length: 24
             disable: false
         }
     }
}
service {
     ssh {
         port: 22
         protocol-version: "v2"
     }
     webgui {
         http-port: 80
         https-port: 443
     }
}
firewall {
     log-martians: "enable"
     send-redirects: "disable"
     receive-redirects: "disable"
     ip-src-route: "disable"
     broadcast-ping: "disable"
     syn-cookies: "enable"
     /* FW-1 is evaluated top-down; the first matching rule wins. Rules 1-3 only
        describe the work -> dev direction, and no rule matches connection state,
        so the dev -> work reply packets of those sessions fall through to rule 4. */
     name "FW-1" {
         /* Work -> dev SSH. */
         rule 1 {
             protocol: "tcp"
             action: "accept"
             log: "disable"
             source {
                 network: "10.10.0.0/24"
             }
             destination {
                 network: "10.20.0.0/24"
                 port-name ssh
             }
         }
         /* Work -> dev RDP (TCP 3389). */
         rule 2 {
             protocol: "tcp"
             action: "accept"
             log: "disable"
             source {
                 network: "10.10.0.0/24"
             }
             destination {
                 network: "10.20.0.0/24"
                 port-number 3389
             }
         }
         /* Work -> FTP control port. Unlike rules 1 and 2 there is no destination
            network here, so this accepts FTP from 10.10.0.0/24 to any destination;
            add network: "10.20.0.0/24" if that is not intended. The FTP data
            channel is a separate TCP connection that this port match does not cover. */
         rule 3 {
             protocol: "tcp"
             action: "accept"
             log: "disable"
             source {
                 network: "10.10.0.0/24"
             }
             destination {
                 port-name ftp
             }
         }
         /* Stateless drop of everything dev -> work. Because it does not distinguish
            new sessions from replies, it also drops the return packets of the sessions
            rules 1-3 admit, which is why enabling it breaks those connections. An
            accept rule for established/related state (10.20.0.0/24 -> 10.10.0.0/24)
            should be ordered before this rule; the Vyatta "state" match node is the
            intended mechanism — confirm its exact syntax for this release. The
            description names the destination network, not the source. */
         rule 4 {
             description: "10.10.0.0/24"
             protocol: "all"
             action: "drop"
             log: "disable"
             source {
                 network: "10.20.0.0/24"
             }
             destination {
                 network: "10.10.0.0/24"
             }
         }
     }
}
system {
     host-name: "router"
     domain-name: "foo.com"
     time-zone: "GMT"
     ntp-server "69.59.150.135"
     /* Both accounts carry the identical MD5-crypt ($1$) hash with an empty salt,
        and this configuration has been posted to a public list, so the
        corresponding password should be treated as exposed and changed. */
     login {
         user root {
             full-name: ""
             authentication {
                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
             }
         }
         user vyatta {
             full-name: ""
             authentication {
                 encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
             }
         }
     }
     package {
         auto-sync: 1
         /* Package repository is fetched over plain http. */
         repository community {
             component: "main"
             url: "http://archive.vyatta.com/vyatta";
         }
     }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version:  
"[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]:[EMAIL 
PROTECTED]:[EMAIL PROTECTED]:[EMAIL PROTECTED]" ===  
*/