I beg your response ... / Ruego su respuesta...
Steve O'Hara-Smith
steve at sohara.org
Mon Aug 20 11:00:02 UTC 2018
On Mon, 20 Aug 2018 10:44:18 +0200
Polytropon <freebsd at edvax.de> wrote:
> Re-including list, hope that's okay.
>
> On Sun, 19 Aug 2018 20:49:19 +0000, Arturo Rafael Ramírez Briceño wrote:
> > In the context of "preventing the nodes of the same lan from being
> > seen" is to say that files, printers, and other resources can not
> > be shared on the network; but nevertheless, through the server, each
> > node can access the internet. If possible, how can I do it?
>
> This doesn't really look like a task for a firewall, but
This can be achieved with the combination of a router and a managed
switch. Assign each node its own VLAN and set the switch up so that each
node's port is on the node's VLAN untagged and the routers port is on all
the VLANS tagged.
The router provides routes between the internet and the VLANs but
not between the VLANs and enforces this with firewall rules.
Essentially this is like having a router with a lot of ports and
one node on each port (which is another solution).
If your nodes are on a wireless LAN then the AP can probably
isolate them from each other for you.
> instead I'd suggest to take a close look at resource
> management at the individual nodes. Simply don't enable
This is good advice and simpler - if you want enforced isolation it
is more complex.
--
Steve O'Hara-Smith <steve at sohara.org>
More information about the freebsd-questions
mailing list