Solved

Possible to just filter packets on the same SUBNET?

Posted on 2004-08-19
Last Modified: 2010-04-09
Hello everyone,


We run about 15 servers on one network subnet, 138.240.260.0. Not physically the subnet, for security reasons on Experts Exchange. This is our logical setup, though! We would like to hardware firewall 3 servers with the IPs 138.240.260.136, 138.240.260.137, 138.240.260.138. But the IP addresses cannot change. And we do not want to firewall the entire subnet, so we do not affect the other servers. What is everyone's suggestion on the question? From what I know, a standard firewall will need 2 different networks on the front and back side. I've heard of a hardware device that could sit on the wire just for those 3 servers and strictly filter packets, while still not changing subnet or IPs. It's a MUST that these IP addresses not change on the servers, so that takes out the possibility of NAT. Product suggestions? Or can we in fact do this on a standard firewall....
Question by:jbsengineer

Accepted Solution

by: PennGwyn (earned 125 total points)
ID: 11897740
I think what you're saying is that these three servers need to see THEMSELVES at these addresses, and not just that the world needs to reach them at those addresses -- ruling out a static NAT or port forwarding solution.

Some recent switch models, such as the Cisco 3550, can apply restrictions and/or access-lists to individual ports within a VLAN.  That could be one approach.

MOST firewall products operate as routers, and so need to be at a subnet boundary.  A few, though, can operate as transparent bridges, which solves a number of problems -- including this one.  I've been particularly impressed with solutions from Tipping Point which are built this way.  I don't know if they have a configuration that will meet both your needs and your budget, but check them out.
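
What a transparent bridging filter of the kind described in the answer above looks like on a Linux host with two NICs, as an added example that is not part of the original thread or of any product it names. The interface names, the 192.0.2.x placeholder addresses (standing in for the thread's obfuscated ones), and the allowed ports are assumptions.

```shell
#!/usr/bin/env bash
# Added example: Linux host with two NICs used as a transparent (bridging) firewall.
# Every name and value below is an assumption, not taken from the thread.
UPLINK=eth0            # side facing the rest of the subnet (assumed NIC name)
INSIDE=eth1            # side facing the three protected servers (assumed NIC name)
SERVERS="192.0.2.136, 192.0.2.137, 192.0.2.138"   # constructed placeholder addresses
ALLOWED_TCP="22, 443"  # constructed example service ports

# Emit an nftables ruleset for the bridge family. The servers keep their
# addresses and subnet; the filter itself has no IP address in the data path.
build_ruleset() {
  cat <<EOF
table bridge serverfw {
  set protected {
    type ipv4_addr
    elements = { $SERVERS }
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    # ARP must cross the bridge or neighbours can never resolve the servers
    ether type arp accept
    # replies to flows already permitted (bridge conntrack needs kernel 5.3+)
    ct state established,related accept
    # new inbound connections: only the listed services
    iifname "$UPLINK" ip daddr @protected tcp dport { $ALLOWED_TCP } ct state new accept
    # connections the servers originate themselves
    iifname "$INSIDE" ip saddr @protected ct state new accept
    # everything else is counted, then falls to the drop policy
    counter
  }
}
EOF
}

# Join both NICs into an address-less bridge and load the ruleset (needs root).
apply_bridge() {
  ip link add name br0 type bridge
  ip link set "$UPLINK" master br0
  ip link set "$INSIDE" master br0
  ip link set "$UPLINK" up; ip link set "$INSIDE" up; ip link set br0 up
  build_ruleset | nft -f -
}

# Do nothing unless asked: "print" shows the ruleset, "apply" changes the system.
case "${1:-}" in
  apply) apply_bridge ;;
  print) build_ruleset ;;
esac
```

Run it with `print` first to review the rules; the other servers on the subnet never traverse the bridge and are unaffected.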
