Topic: block access between LAN and OPT1 do different non-routable classes matter?
« on: November 02, 2008, 20:12:57 »
stevekal *
Posts: 2

noob ?s

I am setting up monowall with the internal LAN on LAN using 192.168.1.x.
The OPT1 is for a captive portal.
I have a rule in place blocking OPT1 to LAN traffic.

2 questions:
1. My understanding is that LAN traffic between computers cannot be blocked by the firewall, as the computers communicate on the physical layer. However, traffic between OPT1 and LAN can be controlled/blocked by the firewall. Can someone confirm that is correct?

2. LAN traffic is on 192.168.1.x.  Does it make any difference if the OPT1 traffic is on 192.168.10.x, vs. 172.16.0.x?

thx!
« Reply #1 on: November 03, 2008, 10:49:22 »
markb ****
Posts: 331

That is correct. Traffic between PCs on the LAN goes direct from PC to PC as they are on the same subnet; it doesn't even touch the router. If you wanted to control this traffic you would be best using some kind of corporate firewall software controlled by policy. Or possibly some expensive network switch. The OPT1 interface subnet will not make any difference, as it goes through the firewall to talk to anything outside its subnet.
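The forwarding decision discussed in this thread, as an added example that is not part of the original posts: it classifies a packet as switched directly between hosts or routed through the firewall, for both OPT1 ranges from the question. The /24 masks, the .1 gateway addresses and the function names are assumptions; the overlap check goes beyond the thread and covers the one case where the choice of OPT1 range would matter.

```python
import ipaddress

# Constructed topology: the thread gives only 192.168.1.x for LAN and two
# candidate ranges for OPT1; the /24 masks and .1 gateway addresses are assumed.
def build_firewall(opt1_cidr):
    return {
        "LAN": ipaddress.ip_interface("192.168.1.1/24"),
        "OPT1": ipaddress.ip_interface(opt1_cidr),
    }

def check_overlap(firewall):
    """Return pairs of interface names whose subnets overlap (a misconfiguration)."""
    names = sorted(firewall)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if firewall[a].network.overlaps(firewall[b].network)]

def path(firewall, src, dst):
    """Classify a packet from src to dst the way the sending host would.

    Returns ("direct", None) when dst is on the sender's own subnet: the
    frame goes host to host and no firewall rule is evaluated.
    Returns ("routed", ingress) when the packet is handed to the gateway,
    so rules on the ingress interface can pass or block it.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, iface in firewall.items():
        if src in iface.network:
            if dst in iface.network:
                return ("direct", None)
            return ("routed", name)
    raise ValueError(f"{src} is not on any firewall interface subnet")

if __name__ == "__main__":
    for opt1 in ("192.168.10.1/24", "172.16.0.1/24"):
        fw = build_firewall(opt1)
        guest = str(fw["OPT1"].ip + 49)  # constructed captive-portal client
        print(opt1, "overlaps:", check_overlap(fw))
        print("  LAN  -> LAN:", path(fw, "192.168.1.20", "192.168.1.30"))
        print("  OPT1 -> LAN:", path(fw, guest, "192.168.1.20"))
```

Both OPT1 ranges give the same result: OPT1 to LAN traffic enters the firewall on OPT1, where the block rule applies, while LAN to LAN traffic is never seen by it.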