The config is what I call in-between.
Not properly set up as a router (missing an address for the WAN, OR a DHCP client setting, OR a PPPoE setting; one of the three is required).
No routing either for router setup.
No dhcp server for any LAN traffic either.
Not properly set up as a switch.
There is no address given to the device (missing)??
Firewall rules are not required!
Assuming one flat network, there is then no separation of users from the main LAN that the device is connected to.
No source NAT required.
Thus, what is this device connected to (and on which port, aka the source of its traffic on the internet side of things)?
What is the device supposed to be providing (on its ports, to what devices)?
Hello,
In a big network with a lot of users and network ranges, I like to secure vulnerable network devices. For instance, an old programmable logic controller. Often these devices have old firmware, open FTP, and other unwanted open access.
The devices (LAN) should still access the DHCP and NTP server and receive their IP address (if not static). ICMP should be possible, as should open access from a specific network range such as 1.2.3.0/24.
In the attachment above, however, the firewall is not working, and the members of the LAN don't get an IP from the DHCP server.
It would be great if the router could be passive, without receiving an IP. If I add Ether1 to the bridge, the LAN members receive an IP from the DHCP server; however, the firewall is still not working.
Is this the right approach and possible? Is another approach better?
Thank you
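
One way to build the passive filtering bridge asked about above, as an added example that is not part of the original posts. It assumes the device runs MikroTik RouterOS (the thread does not name the platform), that ether1 is the uplink and ether2 faces the protected device; the bridge name br-filter is hypothetical.

```routeros
# Added example, not from the thread. Assumptions: RouterOS, ether1 = uplink,
# ether2 = protected device (e.g. the old PLC), bridge name "br-filter".

# Transparent bridge: no IP address is assigned to the device itself.
/interface bridge
add name=br-filter

# hw=no keeps frames on the CPU path; hardware-offloaded ports bypass the firewall.
/interface bridge port
add bridge=br-filter interface=ether1 hw=no comment="uplink (assumed)"
add bridge=br-filter interface=ether2 hw=no comment="protected device (assumed)"

# Without this setting, bridged frames never reach /ip firewall filter,
# so DHCP works through the bridge but no filter rule ever matches.
/interface bridge settings
set use-ip-firewall=yes

/ip firewall filter
# Replies to flows that were already allowed (covers NTP answers).
add chain=forward action=accept connection-state=established,related
# ICMP in both directions, as requested in the post.
add chain=forward action=accept protocol=icmp
# DHCP: client requests from the protected side, server answers from the uplink.
add chain=forward action=accept protocol=udp src-port=68 dst-port=67 \
    in-bridge-port=ether2 comment="DHCP client to server"
add chain=forward action=accept protocol=udp src-port=67 dst-port=68 \
    in-bridge-port=ether1 comment="DHCP server to client"
# NTP queries from the protected device.
add chain=forward action=accept protocol=udp dst-port=123 \
    in-bridge-port=ether2 comment="NTP"
# Open access from the one permitted range named in the post.
add chain=forward action=accept src-address=1.2.3.0/24 \
    in-bridge-port=ether1 comment="permitted range"
# Everything else crossing the bridge is dropped (old FTP, etc.).
add chain=forward action=drop comment="default deny across the bridge"
```

ARP is not IP traffic, so it crosses the bridge without touching these rules. The NTP rule can be tightened with a dst-address once the server's address is known.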