Private & Public Network - stop communication between them

stangride · 01-11-2012, 10:49 PM

Hi:

We have three interfaces within our UTM device:

- Ext
- Int - 192.168.1.1/24
- DMZ - 192.168.10.1/24

The internal interface is used for our Private network and we would like the DMZ to be setup as our Public network that we can put a wireless connection on that doesn't have access through the network back to the 192.168.1.x/24 network. What do I need to do in the UTM/Firewall to prevent the two networks from talking?

Thanks,
Stangride

dmorris · 01-11-2012, 10:50 PM

either
1) add a packet filter rule to just filter traffic between the two
2) uncheck "NAT only WAN traffic" in config->networking->advanced->general. (NAT will happen between the two)

welcome to the forums.

stangride · 01-12-2012, 06:14 AM

dmorris:

I went with your option # 2 and unfortunately, if I am on a machine that is on the 192.168.1.x subnet, they can ping 192.168.10.1 which is the static IP assigned to the DMZ interface.

What should I do to eliminate communication between the two subnets but allow each to route to the outside (ext) interface.

Thanks you,
Stangride

stangride · 01-12-2012, 09:44 AM

Dmorris:

If I create two packet filters like this, will that do what I am looking for?

Configuration>Networking>Advanced>Packet Filter

Rule#1 Src=10.x DST=1.x
Action: Reject
Source Address: 192.168.10.0/24
Destination Address: 192.168.1.0/24

Rule#2 Src=1.x DST=10.x
Action: Reject
Source Address: 192.168.1.0/24
Destination Address: 192.168.10.0/24

Thank you,
Stangride

01-11-2012, 10:49 PM	#1 (permalink)
stangride Newbie Join Date: Jan 2012 Posts: 4	Private & Public Network - stop communication between them Hi: We have three interfaces within our UTM device: - Ext - Int - 192.168.1.1/24 - DMZ - 192.168.10.1/24 The internal interface is used for our Private network and we would like the DMZ to be setup as our Public network that we can put a wireless connection on that doesn't have access through the network back to the 192.168.1.x/24 network. What do I need to do in the UTM/Firewall to prevent the two networks from talking? Thanks, Stangride

01-11-2012, 10:50 PM	#2 (permalink)
dmorris Untangle Junkie Join Date: Nov 2006 Location: San Mateo, CA URLs submitted: 10 Posts: 10,611	either 1) add a packet filter rule to just filter traffic between the two 2) uncheck "NAT only WAN traffic" in config->networking->advanced->general. (NAT will happen between the two) welcome to the forums. __________________ Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

Protect

Filter

Perform

Connect

Manage

Add-Ons

01-12-2012, 06:14 AM	#3 (permalink)
stangride Newbie Join Date: Jan 2012 Posts: 4	dmorris: I went with your option # 2 and unfortunately, if I am on a machine that is on the 192.168.1.x subnet, they can ping 192.168.10.1 which is the static IP assigned to the DMZ interface. What should I do to eliminate communication between the two subnets but allow each to route to the outside (ext) interface. Thanks you, Stangride

01-12-2012, 09:44 AM	#4 (permalink)
stangride Newbie Join Date: Jan 2012 Posts: 4	Dmorris: If I create two packet filters like this, will that do what I am looking for? Configuration>Networking>Advanced>Packet Filter Rule#1 Src=10.x DST=1.x Action: Reject Source Address: 192.168.10.0/24 Destination Address: 192.168.1.0/24 Rule#2 Src=1.x DST=10.x Action: Reject Source Address: 192.168.1.0/24 Destination Address: 192.168.10.0/24 Thank you, Stangride