Well, I was in search for blocking the client to client traffic for a while ago and I gave up.
One of the ISPs here does the following. DHCP assigns an IP and a gateway to the customer. But the gateway is virtual and is -1 of the users IP address. Its like
192.168.178.50 ----> clients IP address
192.168.178.49 ----> Virtual Gateway
Client only communicates with the 192.168.178.49 due to the /30 subnet. and the virtual gateway only communicates with the real router.
WAN Router -----> Virtual GW ------> Client
So the client gets completely isolated from the others.
Do you know how to implement such kind of networking environment or is there a manual for it for MT ?
Thanks
-
-
nazadnan2003
newbie
- Posts: 31
- Joined:
- Location: Iraq
- Contact:
Re: Virtual Things for isolation
If someone can help us to achieve this scenario
It will be the optimum soluthin for too many problems for example:
- client to client traffic.
- MAC Spoofing.
Thanks
Adnan Ahmed
It will be the optimum soluthin for too many problems for example:
- client to client traffic.
- MAC Spoofing.
Thanks
Adnan Ahmed
Re: Virtual Things for isolation
I asked about this long time ago... haven't noticed that this is provided as option.
Re: Virtual Things for isolation
Well client to client traffic can easily* be managed via a wireless interface simply by disabling the intra communication option... as for wired networks, sad to say; a managed switched is required that has features like port security and more important vlans. example: Cisco catalyst 2900+ ....
The latter is for obvious reasons ... (layers)
Im not so much fam. with the virt. gateway proposal.... but hey if isolation/security is that important to you, you can always use a direct tunneling protocol such as pppoe.
Regards.
The latter is for obvious reasons ... (layers)
Im not so much fam. with the virt. gateway proposal.... but hey if isolation/security is that important to you, you can always use a direct tunneling protocol such as pppoe.
Regards.
Re: Virtual Things for isolation
Currently Im using Mt as a standalone AAA Server with hotspot enabled. AP is a ZCOMAX 1500HP. Do you say that If i use Routerboards as an AP, I can disable client to client traffic in the wireless environment ?Well client to client traffic can easily* be managed via a wireless interface simply by disabling the intra communication option... as for wired networks, sad to say; a managed switched is required that has features like port security and more important vlans. example: Cisco catalyst 2900+ ....
The latter is for obvious reasons ... (layers)
Im not so much fam. with the virt. gateway proposal.... but hey if isolation/security is that important to you, you can always use a direct tunneling protocol such as pppoe.
Regards.
Re: Virtual Things for isolation
Create a chain of /30 pools, and have each pool refernce the next pool.
It would take forever to set up all the pools, but you could write a script to do it for you.
It would take forever to set up all the pools, but you could write a script to do it for you.
-
-
gustkiller
Member
- Posts: 419
- Joined:
- Location: Brazil
- Contact:
Re: Virtual Things for isolation
can u post an exemple of that script?