LinuxQuestions.org
Old 07-03-2010, 05:27 AM   #1
pauldg123
LQ Newbie
 
Registered: Aug 2008
Location: South Africa
Distribution: RHEL
Posts: 2

Rep: Reputation: 0
Preventing internal network traffic with Linux firewall


Hi Guys,

Does anyone know if it is possible to filter/block network traffic between
internal hosts on a LAN?

E.g.:
Linux firewall/router (192.168.0.1) - LAN Default G/W - all internal > external traffic gets filtered.

How would you filter TCP/ICMP/UDP traffic from internal host a (192.168.0.2) to host b (192.168.0.3)?

All the internal hosts have the Linux f/w as the default gateway, and are all on the same /24 subnet.

I would like to know if I can filter traffic between internal hosts.

Any info would be appreciated.
Thx
 
Old 07-03-2010, 06:01 AM   #2
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,281

Rep: Reputation: 320
You can use iptables on host a, or if your hosts are connected through a switch on the router, you can make rules for the firewall on the router.
 
Old 07-03-2010, 06:17 AM   #3
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
If you put them on different LANs, you can apply a filter rule in iptables; otherwise they WILL communicate through the switch, because they will use the same LAN IP and their packets never reach the LAN GW.
 
Old 07-03-2010, 07:42 AM   #4
gratuitous_arp
LQ Newbie
 
Registered: Jul 2009
Posts: 28

Rep: Reputation: 17
As said, you can filter using iptables on the PCs whether or not they are on the same subnet. If you have an unmanaged switch behind your Linux firewall/router, which the PCs connect to, you won't be able to filter using the firewall. Most managed switches will let you filter.

If the Linux firewall has multiple LAN-side Ethernet ports acting as a LAN switch using brctl, you can use ebtables to filter between switchports.
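
The two options raised in the replies above, as an added example that is not part of any poster's reply: ebtables rules for the case where the Linux box bridges the LAN ports itself, and iptables rules to load on a host when the switch is unmanaged. The host addresses come from the question; the `DRY_RUN` switch and the `bridge`/`host` arguments are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: block host A <-> host B on the same /24.
# DRY_RUN and the bridge/host arguments are assumed names, not from the thread.
HOST_A=192.168.0.2      # host a from the question
HOST_B=192.168.0.3      # host b from the question
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands, 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Case 1: the Linux box bridges the LAN ports itself (brctl), so frames
# between A and B cross the bridge's FORWARD chain and ebtables sees them.
bridge_rules() {
    for proto in tcp udp icmp; do
        run ebtables -A FORWARD -p IPv4 --ip-src "$1" --ip-dst "$2" --ip-proto "$proto" -j DROP
        run ebtables -A FORWARD -p IPv4 --ip-src "$2" --ip-dst "$1" --ip-proto "$proto" -j DROP
    done
}

# Case 2: A and B sit on an unmanaged switch, so their frames never reach
# the gateway and the filter has to live on the hosts themselves.
# Run on one host, passing the peer's address.
host_rules() {
    run iptables -A INPUT  -s "$1" -j DROP
    run iptables -A OUTPUT -d "$1" -j DROP
}

case "${1:-}" in
    bridge) bridge_rules "$HOST_A" "$HOST_B" ;;   # on the bridging firewall
    host)   host_rules "$HOST_B" ;;               # on host a
esac
```

Called with no argument the script does nothing; review the dry-run output first, then set `DRY_RUN=0` as root to load the rules.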
 
  

