I have an OpenWrt 10.03 router [ IP: 192.168.1.1 ], and it has a DHCP server pool: 192.168.1.0/24 - clients are using it through wireless/wired connection. Ok!

Here's the catch: I need to separate the users from each other. How I need to do it: by IPTABLES rule [ /etc/firewall.user ]. Ok!

"Loud thinking": So I need a rule something like this [on the OpenWrt router]:

- DROP where SOURCE: 192.168.1.2-192.168.1.255 and DESTINATION is 192.168.1.2-192.168.1.255

The idea is this. Ok! Questions!

- Will I lock out myself if I apply this firewall rule?
- Is this a secure method? [ is it easy to do this?: hello, I'm a client, and I say, my IP address is 192.168.1.1! - now it can sniff the unencrypted traffic! :( - because all the clients are in the same subnet! ]
- Are there any good methods to find/audit for duplicated IP addresses?
- Are there any good methods to find/audit for duplicated MAC addresses?
- Are there any good methods to do this IPTABLES rule on Layer 2?:

`$ wget -q "http://downloads.openwrt.org/backfire/10.03/ar71xx/packages/" -O - | grep -i ebtables`
`$ `

p.s.: The rule would be [is it on a good chain?]:

iptables -A FORWARD -m iprange --src-range 192.168.1.2-192.168.1.255 --dst-range 192.168.1.2-192.168.1.255 -j DROP

Thank you!
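An added example for the two audit questions above (duplicated IP addresses, duplicated MAC addresses) and for the "I'm a client claiming 192.168.1.1" concern; this is not code from the original thread or from OpenWrt. It cross-checks ARP observations against the DHCP server's own lease records: an IP seen with several MACs, a MAC seen with several IPs, an ARP binding that disagrees with the lease the server handed out, or any host other than the router answering for the gateway IP are all flagged. The script assumes the /proc/net/arp column layout and OpenWrt's dnsmasq lease file (assumed path /tmp/dhcp.leases); the two data strings are constructed samples, the ARP lines standing in for entries accumulated from periodic snapshots rather than one live dump, and the gateway MAC is a placeholder.

```python
"""Audit ARP observations and DHCP leases for duplicate IP/MAC bindings.

Added example for the mailing-list question above, not code from the thread.
On the router this would read /proc/net/arp (periodically) and the dnsmasq
lease file (assumed OpenWrt path: /tmp/dhcp.leases); the strings below are
constructed samples standing in for those files.
"""
from collections import defaultdict

# Constructed sample in /proc/net/arp layout, accumulated over several
# snapshots (header kept once). Not captured from a real router.
ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.2      0x1         0x2         00:11:22:33:44:55     *        br-lan
192.168.1.3      0x1         0x2         00:11:22:33:44:66     *        br-lan
192.168.1.3      0x1         0x2         de:ad:be:ef:00:01     *        br-lan
192.168.1.1      0x1         0x2         de:ad:be:ef:00:01     *        br-lan
"""

# Constructed sample in dnsmasq lease-file layout: expiry mac ip hostname client-id
DHCP_LEASES = """\
1299300000 00:11:22:33:44:55 192.168.1.2 laptop 01:00:11:22:33:44:55
1299300100 00:11:22:33:44:66 192.168.1.3 phone *
1299300200 de:ad:be:ef:00:01 192.168.1.4 unknown *
"""

GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "00:aa:bb:cc:dd:ee"  # placeholder: the router's own br-lan MAC


def parse_arp(text):
    """Return (ip, mac) pairs from /proc/net/arp-style text, skipping the header."""
    pairs = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 4:
            pairs.append((fields[0], fields[3].lower()))
    return pairs


def parse_leases(text):
    """Return (ip, mac) pairs from dnsmasq lease lines."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            pairs.append((fields[2], fields[1].lower()))
    return pairs


def find_conflicts(pairs):
    """Return (IPs bound to several MACs, MACs bound to several IPs)."""
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    for ip, mac in pairs:
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
    dup_ips = {ip: sorted(macs) for ip, macs in ip_to_macs.items() if len(macs) > 1}
    dup_macs = {mac: sorted(ips) for mac, ips in mac_to_ips.items() if len(ips) > 1}
    return dup_ips, dup_macs


def gateway_impersonators(arp_pairs, gateway_ip=GATEWAY_IP, gateway_mac=GATEWAY_MAC):
    """MACs seen claiming the gateway IP that are not the router's own MAC.

    The router's ARP cache lists neighbours, so any entry for its own IP
    from another MAC means some host is answering for 192.168.1.1.
    """
    return sorted(mac for ip, mac in arp_pairs
                  if ip == gateway_ip and mac != gateway_mac.lower())


def lease_mismatches(arp_pairs, lease_pairs):
    """ARP bindings that disagree with what the DHCP server actually handed out."""
    mac_for_ip = {ip: mac for ip, mac in lease_pairs}
    ip_for_mac = {mac: ip for ip, mac in lease_pairs}
    bad = []
    for ip, mac in arp_pairs:
        ip_conflict = ip in mac_for_ip and mac_for_ip[ip] != mac
        mac_conflict = mac in ip_for_mac and ip_for_mac[mac] != ip
        if ip_conflict or mac_conflict:
            bad.append((ip, mac))
    return sorted(bad)


def audit(arp_text=ARP_TABLE, lease_text=DHCP_LEASES):
    """Run all checks and return the findings as a dict."""
    arp = parse_arp(arp_text)
    leases = parse_leases(lease_text)
    dup_ips, dup_macs = find_conflicts(arp)
    return {
        "duplicate_ips": dup_ips,
        "duplicate_macs": dup_macs,
        "gateway_impersonators": gateway_impersonators(arp),
        "lease_mismatches": lease_mismatches(arp, leases),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

On the sample data the script reports 192.168.1.3 bound to two MACs, de:ad:be:ef:00:01 bound to two IPs (one of them the gateway's), and two ARP bindings that no lease explains. Run on a router it only sees what the router itself has talked to; for client-to-client traffic that never crosses the router, the same checks would need ARP data collected from the bridge itself.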
On 03/05/11 12:58 AM, erikmccaskey64 wrote:
> I have an OpenWrt 10.03 router [ IP: 192.168.1.1 ], and it has a DHCP
> server pool: 192.168.1.0/24 - clients are using it through
> wireless/wired connection. Ok!
>

um, this is CentOS, not OpenWRT, I believe they have their own email lists... however, since we're here and I've looked into those things in some depth....

The LAN ports on the WRT54 family routers are a hardware ethernet switch, and packets aren't normally passed through the WRT's processor. You *can* reconfigure the switch to make each LAN port a different VLAN but then every packet has to go through the rather slow WRT CPU, and it only has a single 100baseT ethernet port, which now has to service 5 VLANs (WAN + 4 LANs). The WLAN is on a separate port to the processor which normally it bridges.