Blue network to green network

network
firewall

(m_farlotta) #1

Hello everyone, I wanted to know how to access the domain users from the blue (wireless) network to the green network.
Thank you


(Rob Bosch) #2

May I ask you why you want to have the clients on the blue network reach the green network? The intention of the blue network is to avoid the option that clients on that network reach the green network. The blue interface is a so-called guest network that only provides internet access for the clients that are connected to a blue network interface.
http://docs.nethserver.org/en/v7/base_system.html#network
If you want wireless clients to reach the/a green network, you should configure them as clients on the/a green interface, not a blue interface.


(Michael Kicks) #3

Well… I disagree.
Your suggestion is correct, but keeping wireless clients in a different (blue) subnet can be used for granular access control to the Green network.
Only a few addresses could have access from Blue to Green, and only to specific resources (addresses and ports).
Segment the network for better control and a bit more logging.


(Rob Bosch) #4

We sure disagree on the concept of how to use the green/blue/orange/red networks.
If you want to separate wireless and wired clients, but they both need to access services on the network, IMO you should create different green networks/subnets.
The blue network is intended to only provide internet access to clients connected to that network. A blue network will only provide access to the Gateway and internet and that is for a reason.
It’s like using a hammer to get a screw in a piece of wood. Yes, it works, but the best tool for getting a screw in is a screwdriver, not a hammer. So use a blue interface for what it is intended for: internet access. Don’t compromise the green network with access from blue interfaces.


(Michael Kicks) #5

I think (and maybe I am wrong) the most suitable approach is scenario-based.

With tens of wireless clients, separate network segments and SSIDs (even better, access points), you’re totally right.

But in the case of 2 or 3 wireless clients (for the Green zone) and an already established Blue zone wireless network, I think that creating reservations, adding IP binding and creating specific firewall rules for the wanna-be Green zone clients could be a better approach than putting the whole wireless segment on the Green zone.
I personally do not consider a WLAN without a RADIUS server or MAC address filtering a… good Green zone.

IMHO… :slight_smile:
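
The two positions in this thread come down to how narrow a blue-to-green exception can be kept. The following is an added example, not part of any post above and not NethServer code: a small Python model that audits proposed exceptions (one reserved blue address to one green host and port) and evaluates flows with default deny. The subnets, addresses, ports and function names are constructed assumptions.

```python
import ipaddress

# Constructed addressing and rules (assumptions for illustration, not from the thread).
GREEN = ipaddress.ip_network("192.168.1.0/24")
BLUE = ipaddress.ip_network("192.168.20.0/24")
RULES = [  # (reserved blue client, green server, protocol, port)
    ("192.168.20.11", "192.168.1.10", "tcp", 445),
    ("192.168.20.12", "192.168.1.10", "tcp", 443),
]

def audit_rule(rule):
    """Return the reasons a blue->green exception is broader than one host to one service."""
    src, dst, proto, port = rule
    problems = []
    src_net = ipaddress.ip_network(src, strict=False)
    dst_net = ipaddress.ip_network(dst, strict=False)
    if src_net.num_addresses != 1 or not src_net.subnet_of(BLUE):
        problems.append("source is not a single reserved blue address")
    if dst_net.num_addresses != 1 or not dst_net.subnet_of(GREEN):
        problems.append("destination is not a single green host")
    if proto not in ("tcp", "udp"):
        problems.append("protocol is not pinned to tcp or udp")
    if not (isinstance(port, int) and 1 <= port <= 65535):
        problems.append("port is not a single number")
    return problems

def decide(src, dst, proto, port, rules=RULES):
    """Default-deny verdict for one flow; rules that fail the audit never match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in BLUE or d not in GREEN:
        return "OUT_OF_SCOPE"  # this model only covers blue->green traffic
    for rule in rules:
        if audit_rule(rule):
            continue  # an over-broad exception is ignored rather than honoured
        r_src, r_dst, r_proto, r_port = rule
        pinned = (ipaddress.ip_network(r_src)[0], ipaddress.ip_network(r_dst)[0])
        if (pinned, r_proto, r_port) == ((s, d), proto, port):
            return "ACCEPT"
    return "DROP_AND_LOG"  # denied attempts are what the extra logging records

if __name__ == "__main__":
    for flow in [("192.168.20.11", "192.168.1.10", "tcp", 445),   # reserved client
                 ("192.168.20.50", "192.168.1.10", "tcp", 445),   # ordinary guest
                 ("192.168.20.11", "192.168.1.10", "tcp", 22)]:   # wrong port
        print(flow, decide(*flow))
    print(audit_rule(("192.168.20.0/24", "192.168.1.0/24", "tcp", 445)))
```

Source-address matching is only as strong as the reservation and IP binding behind it, which is the caveat about RADIUS and MAC address filtering raised in the last post.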