Difference between revisions of "User:Pgmurphy/SecureVLANs"
m |
(→Issues) |
||
Line 22: | Line 22: | ||
Solution: | Solution: | ||
*Configure the firewalls on these machines to block access to 172 ranges. | *Configure the firewalls on these machines to block access to 172 ranges. | ||
+ | |||
+ | -A OUTPUT -p ALL -d 172.25.0.128/25 -j REJECT | ||
+ | -A OUTPUT -p ALL -d 172.26.0.0/24 -j REJECT | ||
+ | -A OUTPUT -p ALL -d 172.26.1.0/24 -j REJECT | ||
+ | -A OUTPUT -p ALL -d 172.26.1.128/25 -j REJECT |
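Review bot: the last added rule, -d 172.26.1.128/25, is fully contained in 172.26.1.0/24, which the rule directly above it already rejects, so it can never match. Either drop it or check whether a different range was meant there. The first rule also covers only 172.25.0.128/25, the upper half of 172.25.0.0/24; it would help to state on the page whether the lower half is deliberately left reachable. All four rules are in OUTPUT only, so they stop these machines from initiating traffic to the 172 ranges but do not filter anything arriving from them; a sentence saying that this is the intent would make the solution easier to audit.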
Revision as of 14:30, 13 December 2006
Private VLANS created for:
- Cameras
- PERYTON
- GRIFFIN
- Printers
- ECEPRINT
- SENTINEL
- OM
- LightsOut Management cards
- All Managed Servers
Setup
Allow 172 VLANS to only communicate (in/out) with:
- 152.14.98.x
- 152.1.51.x
Issues
Issues to address:
- Research machines in the server rooms
- Remote access machines in the server rooms
Solution:
- Configure the firewalls on these machines to block access to 172 ranges.
 -A OUTPUT -p ALL -d 172.25.0.128/25 -j REJECT
 -A OUTPUT -p ALL -d 172.26.0.0/24 -j REJECT
 -A OUTPUT -p ALL -d 172.26.1.0/24 -j REJECT
 -A OUTPUT -p ALL -d 172.26.1.128/25 -j REJECT
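An added example, not part of the original page: a small audit of the four rules above that reports rules shadowed by an earlier one and gives the first-match verdict for a destination address. The function names, the sample addresses and the ACCEPT fallback (standing in for the chain policy) are assumptions made for illustration.

```python
import ipaddress
import shlex

# Rules copied from the page (iptables-save syntax).
RULES = """\
-A OUTPUT -p ALL -d 172.25.0.128/25 -j REJECT
-A OUTPUT -p ALL -d 172.26.0.0/24 -j REJECT
-A OUTPUT -p ALL -d 172.26.1.0/24 -j REJECT
-A OUTPUT -p ALL -d 172.26.1.128/25 -j REJECT
"""

def parse_rules(text):
    """Return [(destination network, target)] for each -A OUTPUT line."""
    parsed = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "OUTPUT"]:
            continue
        dest = ipaddress.ip_network(tok[tok.index("-d") + 1])
        parsed.append((dest, tok[tok.index("-j") + 1]))
    return parsed

def shadowed(rules):
    """Rules whose destination lies inside an earlier rule's destination."""
    hits = []
    for i, (net, _) in enumerate(rules):
        for earlier, _ in rules[:i]:
            if net.subnet_of(earlier):
                hits.append((net, earlier))
                break
    return hits

def verdict(rules, addr):
    """First-match result for an outbound packet; ACCEPT is an assumed chain policy."""
    ip = ipaddress.ip_address(addr)
    for net, target in rules:
        if ip in net:
            return target
    return "ACCEPT"

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for net, earlier in shadowed(rules):
        print(f"{net} is already covered by {earlier}")
    # Constructed sample destinations, not hosts named on the page.
    for addr in ("172.25.0.200", "172.25.0.10", "172.26.1.130", "152.14.98.5"):
        print(addr, verdict(rules, addr))
```

Running the same check against the output of `iptables-save` on each research or remote-access machine shows whether every address in the private VLAN ranges is actually rejected.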