Simulate Lan-Wan...protected access..Pls read and help

slycat

Diamond Member
Jul 18, 2001
5,656
0
0
I have this weird request that I have yet to try out...
Is it possible to place a machine on the wan port...another few on the lan port(s) of a soho router (dlink, linksys...)
and in doing so firewalling the lan machines?...or the other way round?...

there is no internet access though...basically using the router to separate the segments..


server------------(wan port?)router(lan port?)-----clients. <---or other way round?
192.168.1.1 192.168.0.1.....etc

Basically I want the clients to only have certain port access (like 80, 443) but not be able to do anything else.
Firewall protect the server but allow certain port access. All local, not through the internet...and they want to use
the router.

any ideas if this is workable/doable?

 

azev

Golden Member
Jan 27, 2001
1,003
0
76
Most soho routers don't allow any kind of filtering going out, so you can only do this backward.
Put the client on the wan port and put the server on the lan port. Then create filter/port forwarding to allow whichever port you want to allow.
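
A check that can be run from one client laptop to confirm the layout described above (clients on the WAN side, server behind the router, only the chosen ports forwarded) behaves as intended. This is an added example, not part of the original thread; the router address given on the command line and the list of ports expected to stay blocked are assumptions.

```python
import socket
import sys

ALLOWED = {80, 443}  # ports the thread wants clients to reach
# Assumption: a constructed sample of ports that must NOT be reachable.
BLOCKED = {21, 22, 23, 25, 135, 139, 445, 3389}


def probe(host, port, timeout=1.0):
    """TCP connect test: 'open', 'closed' (refused) or 'filtered' (no reply)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, host unreachable, etc.
        return "filtered"
    finally:
        sock.close()


def audit(host, allowed=ALLOWED, blocked=BLOCKED, timeout=1.0):
    """Compare what the router actually passes with the intended policy."""
    allowed, blocked = set(allowed), set(blocked)
    results = {p: probe(host, p, timeout) for p in sorted(allowed | blocked)}
    missing = sorted(p for p in allowed if results[p] != "open")
    leaking = sorted(p for p in blocked if results[p] == "open")
    return {"results": results, "missing": missing, "leaking": leaking,
            "ok": not missing and not leaking}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_forwarding.py <router-wan-address>")
    report = audit(sys.argv[1])
    for port, state in report["results"].items():
        print(f"{port:>5}/tcp  {state}")
    if report["missing"]:
        print("forward not working for:", report["missing"])
    if report["leaking"]:
        print("reachable but should be blocked:", report["leaking"])
    sys.exit(0 if report["ok"] else 1)
```

The exit status is 0 only when every allowed port answers and none of the blocked ones do, so the people doing the setup can treat it as a pass/fail step.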
 

slycat

Originally posted by: azev
Most soho routers don't allow any kind of filtering going out, so you can only do this backward.
Put the client on the wan port and put the server on the lan port. Then create filter/port forwarding to allow whichever port you want to allow.

the thing there will be a lot of clients..like say 25 lappys, so I would attach a switch to the wan port which the 'clients' would then plug into...and then the server in the lan port?...wonder if that works.
 

skyking

Lifer
Nov 21, 2001
22,779
5,941
146
IPFW or PF on a linux box can do what you want, but that can take a while to get the hang of.
 

azev

the thing there will be a lot of clients..like say 25 lappys, so I would attach a switch to the wan port which the 'clients' would then plug into...and then the server in the lan port?...wonder if that works.

This is only for a test, right? If one computer works, the rest will also work. But if you want to test it with all 25 clients, then assign a static IP address on the router, then plug it into a switch, then connect all your clients and test it. Btw, what router are you using?
 

slycat

Originally posted by: azev
the thing there will be a lot of clients..like say 25 lappys, so I would attach a switch to the wan port which the 'clients' would then plug into...and then the server in the lan port?...wonder if that works.

This is only for a test, right? If one computer works, the rest will also work. But if you want to test it with all 25 clients, then assign a static IP address on the router, then plug it into a switch, then connect all your clients and test it. Btw, what router are you using?

I can get whatever router I wish...even something along the lines of sonicwall, intrusion, netscreen but I'm trying to
stay along the lines of $100. I mean if a $50 linksys/dlink/smc works, that's all I need. Doesn't need to be hardcore
or stateful. These things will be deployed, then stripped out within an afternoon so it's fine.

In reality I wanna allow 80, 443, that's it. Also wondering do they need to be all on the same subnet...
clients---<wan>router<lan>---server
 

slycat

Originally posted by: skyking
IPFW or PF on a linux box can do what you want, but that can take a while to get the hang of.

I'd have done that if it was me...but this needs to be a no-hands approach coz the eventual setup is done by
absolute plug-n-play people.