Block showing Shares at WAN interface

NethServer Version: 7.9.2009
Module: Firewall

Hi community,
for better understanding first I will describe my network configuration.

  • Server with 4 network interfaces with an installed Proxmox
  • All four interfaces are connected to the same switch
  • The switch is part of a Windows network, let's say 192.168.10.x
  • A router with 192.168.10.200 is the gateway to the internet
  • A virtual machine with Nethserver and two network interfaces is installed at Proxmox
  • Nethserver has a green role, IP: 192.168.11.1, gateway: empty, with the following DHCP settings: Range: 192.168.11.100 to 192.168.11.200, Gateway: 192.168.11.1, DNS: 192.168.11.1
  • and a red role with IP:192.168.10.14, Gateway 192.168.10.200
  • DNS of Nethserver is standard google 8.8.8.8
  • The Windows Network has no DHCP

Hope I didn’t forget anything.
My problem now is that I don’t want to see the shares of the Windows network (192.168.10.x) on my green network (192.168.11.x). 192.168.10.x should have its own shares, and 192.168.11.x as well. Is it possible without VLAN?

Thanks in advance
Michael

Firewall rule.

@m.traeumner

Hi Michael

To be fair, this is “Security by obscurity”, even if using a firewall rule.

A vLAN would be the more secure way, when using only one switch…
But - you do need a vLAN capable Switch. :frowning:

Any host with a network scanner would still “see” the windows network, even if on the NS network…
The switch always transmits both networks…

My Macbook would see both, and only because I have a tool to scan for devices and draw the network with that info… (And me not being a hacker…)

This would be the clean way to separate networks, when only using one (managed) switch. The vLAN used here is vlan99, this is dedicated to Proxmox. No DHCP, no Gateway.

VLan1 is the normal, untagged network, that’s why one should never use vLans 0 or 1…

Here’s an example with a HP Switch, the vLAN separated ports are 21, 22, 23, 24, these are only for Proxmox/NAS… (The block of four to the right).


Thanks Andy,
we have two manageable switches, which we didn’t manage till now, and a Lancom router. Also we have some non-manageable switches. Does this work?

@m.traeumner

Hi

You can combine managed and unmanaged switches.
You can also pass vPN traffic thru unmanaged switches. You just can’t “control” it…

Lancom should work, depending how current the device is. If it’s OLD, you might have issues…

You can PM me, for more details if needed.

My 2 cents
Andy
