I'm certain someone else has been in this situation but I just can't seem to find a thread that answers my questions so I'm hoping someone out there can help me. I don't have much experience using Astaro products so please clearly describe the screen you refer to in your responses thanks.
I'm trying to setup a guest WLAN that only has basic web surfing and email service access (like SMTP, IMAP, POP) No SSH, FTP etc. and I want to restrict access from the guest WLAN to any internal file servers, intranet servers, etc.
I've attached an image of the LAN mapping and a list of the devices that are used in this network is as follows:
-Cable modem
-ASG 110/120 with firmware 7.504 and with only 3 ports (the products section of the Astaro website says that there should be 4 ports but for some reason the one I have only has 3)
-2 x HP Procurve 1800-24G switches
-Linksys WRT54G running Tomato 1.28 firmware
The network spans a couple floors and the HP switches only have one cable connecting them to each other. There are more switches and access points spread throughout the network but the image shows the direct route between the Linksys and the ASG and the network ports that are used.
Right now I can get internet access through the Linksys but I'm also able to see the file servers on the internal network. The WAN IP of the Linksys is 192.168.2.5 with it's gateway being the internal interface of the ASG which is 192.168.2.8.
If I make the packet filter rules:
source=Linksys
service=web surfing
destination=any
position 1
Action=ALLOW
source=Linksys
service=any
destination=any
position 2
Action=DROP
nothing seems to be restricted. In fact, it seems like most of the packet filter rules do not restrict what they're supposed to. I'm assuming I'm missing some permission that has precedence over packet filtering or I'm not understanding how packet filtering is supposed to work or packet filtering is somehow broken.
Thanks for any help,
Sean
I'm trying to setup a guest WLAN that only has basic web surfing and email service access (like SMTP, IMAP, POP) No SSH, FTP etc. and I want to restrict access from the guest WLAN to any internal file servers, intranet servers, etc.
I've attached an image of the LAN mapping and a list of the devices that are used in this network is as follows:
-Cable modem
-ASG 110/120 with firmware 7.504 and with only 3 ports (the products section of the Astaro website says that there should be 4 ports but for some reason the one I have only has 3)
-2 x HP Procurve 1800-24G switches
-Linksys WRT54G running Tomato 1.28 firmware
The network spans a couple floors and the HP switches only have one cable connecting them to each other. There are more switches and access points spread throughout the network but the image shows the direct route between the Linksys and the ASG and the network ports that are used.
Right now I can get internet access through the Linksys but I'm also able to see the file servers on the internal network. The WAN IP of the Linksys is 192.168.2.5 with it's gateway being the internal interface of the ASG which is 192.168.2.8.
If I make the packet filter rules:
source=Linksys
service=web surfing
destination=any
position 1
Action=ALLOW
source=Linksys
service=any
destination=any
position 2
Action=DROP
nothing seems to be restricted. In fact, it seems like most of the packet filter rules do not restrict what they're supposed to. I'm assuming I'm missing some permission that has precedence over packet filtering or I'm not understanding how packet filtering is supposed to work or packet filtering is somehow broken.
Thanks for any help,
Sean