smoothwall question

skylab

I need a smoothwall setup with 2 separate LANs that can both see the internet, but cannot see each other. One of them is an unsecured wireless access point. Is it possible to put that on the orange interface and keep it from being able to see the green interface? Or is there another similar product with a good web interface that will do what I need?
 
I am not familiar with Smoothwall in particular, but as a general rule, to separate access between subnets (aka your two separate LANs) you will want to set up a firewall rule to deny access from the untrusted subnet to the trusted one.


For a practical guide on how to do this inside of Smoothwall:

http://download.smoothwall.org/archive/docs/2.0/admin.pdf

Section 2.6.3 "DMZ Pinholes"

"It allows the Administrator to configure “holes” between the DMZ (Orange network) and the Local (Green) network. The standard configuration, without any holes configured, blocks any host in the DMZ from connecting to a host on the Local (Green) network."

Best of luck ;)
 
You haven't given any details about your network, but the best way to test would be to get a machine on each subnet and then try to scan the other. If you run an nmap scan and get any results back then you know that something is amiss. You could also do this more simply with tools like ping or telnet (if you have a web server on your trusted side, for instance, try running "telnet <server ip> 80" from the untrusted side).
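
Added example, not part of the thread: a Python version of the connect test described in the post above, meant to be run from a machine on the untrusted (orange) side. The target addresses are constructed, and the `connect` parameter is a hypothetical hook so the check can be exercised without a network.

```python
import socket

# Results as seen from a machine on the untrusted (orange) subnet.
OPEN = "open"          # TCP handshake completed: traffic crossed to green
REFUSED = "refused"    # a reset came back: either the green host answered
                       # or the firewall rejects with a reset; check its logs
FILTERED = "filtered"  # timeout or unreachable: consistent with a block rule


def probe(host, port, timeout=2.0, connect=socket.create_connection):
    """Try one TCP connection and classify what came back."""
    try:
        with connect((host, port), timeout=timeout):
            return OPEN
    except ConnectionRefusedError:
        return REFUSED
    except OSError:  # includes socket.timeout and "no route to host"
        return FILTERED


def check_isolation(targets, timeout=2.0, connect=socket.create_connection):
    """Return (isolated, results); isolated only if every probe is filtered."""
    results = {(h, p): probe(h, p, timeout, connect) for h, p in targets}
    return all(r == FILTERED for r in results.values()), results


if __name__ == "__main__":
    # Constructed example addresses for hosts on the trusted (green) side.
    green_targets = [("192.168.1.10", 80), ("192.168.1.10", 445),
                     ("192.168.1.1", 22)]
    isolated, results = check_isolation(green_targets)
    for (host, port), outcome in sorted(results.items()):
        print(f"{host}:{port} -> {outcome}")
    print("isolation holds" if isolated else "review firewall rules")
```

A "refused" result is not proof of isolation: the reset may have come from the green host itself, which means the packet got through.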
 
Although I haven't had a chance to try it out, Monowall looks like it might do what you want... it has (by the documentation/screenshots) stuff for wireless and additional interfaces.

Let us know if it works if you try it out.

http://www.m0n0.ch/wall/
 
skylab said:
I need a smoothwall setup with 2 separate LANs that can both see the internet, but cannot see each other. One of them is an unsecured wireless access point. Is it possible to put that on the orange interface and keep it from being able to see the green interface? Or is there another similar product with a good web interface that will do what I need?


Yes... the whole purpose of the orange network is to allow that segment to access the internet while being isolated from the green segment. The only thing I'm not sure of is if you can have a separate IP range for the two adapters...
 
I set up the smoothwall box, haven't installed it yet though. It lets you have independent IP ranges for each NIC. The only thing is there is no DHCP server for the orange interface, but that's no big deal...
 