xpenziuz
January 5th, 2011, 20:49
Hi. I have a network like this:
              |--VLAN100 (192.168.3.1)| LOCAL-VLAN
ISP--PUB-IP-- |
              |--VLAN200 (192.168.2.1)| LOCAL-VLAN
I use these rules,
ext_if = "re1"
vlan100 = "vlan100"
vlan200 = "vlan200"
nat on $ext_if from $vlan100 to any -> ($ext_if)
nat on $ext_if from $vlan200 to any -> ($ext_if)
pass on $vlan100 from $vlan100:network to any
pass on $vlan200 from $vlan200:network to any
The problem is really that when I use the rules above I can go from vlan100 to vlan200 via nat. I want to have rules like pass on $vlan100 from $vlan100:network to any out via $ext_if so that traffic is only possible between $ext_if and vlan100, not between vlan100 and vlan200. Is there a nice way to do this?
Thanks for all replies :)
Alex
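One way to get the isolation asked about above, as an added example and not the poster's own ruleset: pf has no "out via" qualifier, but the same effect comes from dropping inter-VLAN destinations explicitly before the catch-all pass rule, since the path between the two VLANs is ordinary routing on the box rather than the nat rule. The <local_nets> table name and the /24 prefixes are assumptions taken from the gateway addresses in the diagram.

```pf
# Added example (not the poster's ruleset): isolate the two VLANs while
# still letting each reach the Internet through re1.
ext_if  = "re1"
vlan100 = "vlan100"
vlan200 = "vlan200"

# Constructed table of the local networks; prefixes assumed from the diagram.
table <local_nets> const { 192.168.3.0/24, 192.168.2.0/24 }

set skip on lo0

# ":network" is the directly connected subnet; a bare interface name in an
# address position would mean only the interface's own address.
nat on $ext_if from $vlan100:network to any -> ($ext_if)
nat on $ext_if from $vlan200:network to any -> ($ext_if)

# Default deny, logged, so blocked inter-VLAN attempts show up on pflog0.
block log all

# Hosts may still reach their own gateway address (DHCP, DNS, and so on).
pass in quick on $vlan100 from $vlan100:network to $vlan100 keep state
pass in quick on $vlan200 from $vlan200:network to $vlan200 keep state

# Drop anything from one VLAN aimed at any local network before the
# catch-all pass below can match it; "quick" makes this the final decision.
block in log quick on $vlan100 from any to <local_nets>
block in log quick on $vlan200 from any to <local_nets>

# Everything else from a VLAN may leave; because of the block rules above,
# "any" now effectively means "anything that is not a local network".
pass in on $vlan100 from $vlan100:network to any keep state
pass in on $vlan200 from $vlan200:network to any keep state

# Let the translated traffic out on the external interface.
pass out on $ext_if keep state
```

Check the syntax with pfctl -nf /etc/pf.conf and inspect the expanded rules with pfctl -sr; tcpdump -n -e -ttt -i pflog0 shows which rule dropped a given inter-VLAN packet.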