Wednesday, May 16, 2007

firewall-wizards Digest, Vol 13, Issue 6

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Securing Wireless with ASA-5510 (Nikolay Karafezov)
2. Bridge with transparent proxy (Jorge Augusto Senger)
3. Re: Securing Wireless with ASA-5510 (Paul Murphy)


----------------------------------------------------------------------

Message: 1
Date: Tue, 15 May 2007 10:32:54 -0700
From: "Nikolay Karafezov" <NKarafezov@us.fujitsu.com>
Subject: Re: [fw-wiz] Securing Wireless with ASA-5510
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <2D68F7751C603D46B68403D3A7B854A4819AD9@faimail>
Content-Type: text/plain; charset="us-ascii"

Charlie,

You might want to take a look at DD-WRT as an alternative for the
Linksys. The firmware enables support for VLANs, multiple SSID, etc.

Nik

________________________________

From: firewall-wizards-bounces@listserv.cybertrust.com
[mailto:firewall-wizards-bounces@listserv.cybertrust.com] On Behalf Of
Charlie Quick
Sent: Monday, May 14, 2007 4:24 PM
To: firewall-wizards@listserv.cybertrust.com
Subject: [fw-wiz] Securing Wireless with ASA-5510

Hi All,

I have an ASA 5510 and a 3500 XL switch. I have a Linksys AP, no routing
on it; I want to secure it so that only internet can be accessed. How
can this be done with vlans and access-lists?

Does the asa support vlan routing?

Currently, the Linksys is sitting on the switch and anyone who connects
has access to the internal network. Eventually, I will get a Cisco
aironet that supports multiple ssid and set up vlans via guest and
employee.

-Charlie


------------------------------

Message: 2
Date: Wed, 16 May 2007 09:42:18 -0300
From: Jorge Augusto Senger <jorge@br10.com.br>
Subject: [fw-wiz] Bridge with transparent proxy
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <464AFC2A.9000002@br10.com.br>
Content-Type: text/plain; charset=ISO-8859-1

Hi folks,

I'm losing my mind trying to configure a bridge with transparent proxy.
Here is the scenario, very simple:

[ INTERNET ] <--- eth0 ---> [ BRIDGE ] <--- eth1 ---> [ LAN ]

Well, the bridging functions are working fine. The traffic is passing
through and I can filter using iptables and ebtables.
But, I can't use -j REDIRECT to some local port. When I put a rule
redirecting traffic on www port to local proxy port, the counters show
packets passing through, but nothing happens.
Wondering if it was a squid problem, I tried to redirect the traffic on
some high port (8000) to port 22 on localhost. Nothing happened either.

About my machine:

Debian Sarge
Kernel 2.6.18 (compiled with all bridge modules)
Iptables 1.3.6 (patched with L7)

Rules:

ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 \
--ip-destination-port 80 -j redirect --redirect-target ACCEPT

iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 \
-j REDIRECT --to-port 3128


I hope that you guys can help me.

Thanks a lot,

Jorge Augusto Senger


------------------------------

Message: 3
Date: Tue, 15 May 2007 16:39:52 -0500
From: Paul Murphy <Paul_Murphy@fd.org>
Subject: Re: [fw-wiz] Securing Wireless with ASA-5510
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<OF42F108EE.DCAFF2AF-ON862572DC.00764C45-862572DC.007701F9@fd.org>
Content-Type: text/plain; charset=US-ASCII

Charlie,

You should be able to create multiple vlans on your switch and
corresponding vlans on your firewall. Tag (trunk) the uplink to your
firewall. Your vlans will be configured as virtual interfaces on your
firewall.

Paul Murphy



"Charlie Quick" <charlieq@ironclad.com>
Sent by: firewall-wizards-bounces@listserv.icsalabs.com
05/15/2007 09:41 AM
Please respond to: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
To: <firewall-wizards@listserv.icsalabs.com>
cc:
Subject: [fw-wiz] Securing Wireless with ASA-5510

Hi All,

I have an ASA 5510 and a 3500 XL switch. I have a Linksys AP, no routing on
it; I want to secure it so that only internet can be accessed. How can
this be done with vlans and access-lists?
Does the asa support vlan routing?

Currently, the Linksys is sitting on the switch and anyone who connects has
access to the internal network. Eventually, I will get a Cisco aironet that
supports multiple ssid and set up vlans via guest and employee.

-Charlie

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
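
The layout described in Message 3 (VLANs on the switch, a tagged uplink, matching virtual interfaces on the firewall), written out as an added example that is not part of any poster's message. Interface numbers, VLAN IDs, names and addresses are assumptions, as is 7.x-style ASA syntax; it also assumes VLANs 10 and 20 already exist on the switch and that an interface named outside is already configured.

```cisco
! Added example: names, VLAN IDs, ports and addresses are assumptions.
! --- Catalyst 3500 XL ---
! Uplink to the ASA carries both VLANs as an 802.1Q trunk.
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
! Port where the Linksys AP is plugged in: guest VLAN only.
interface FastEthernet0/10
 switchport access vlan 20
!
! --- ASA 5510 (7.x-style syntax) ---
! Physical port is the trunk; it carries no address of its own.
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
! Internal LAN subinterface.
interface Ethernet0/1.10
 vlan 10
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
! Wireless guest subinterface, lower security level than inside.
interface Ethernet0/1.20
 vlan 20
 nameif guest
 security-level 10
 ip address 192.168.20.1 255.255.255.0
!
! Guests: no access to the internal subnet, everything else allowed.
access-list GUEST_IN extended deny ip any 10.10.10.0 255.255.255.0
access-list GUEST_IN extended permit ip 192.168.20.0 255.255.255.0 any
access-group GUEST_IN in interface guest
!
! PAT guest traffic out of the outside interface.
nat (guest) 1 192.168.20.0 255.255.255.0
global (outside) 1 interface
```

Because guest has a lower security level than inside, the ASA already refuses guest-initiated connections to inside by default; the explicit deny entry keeps that intent visible once an access list is bound to the interface.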

------------------------------


End of firewall-wizards Digest, Vol 13, Issue 6
***********************************************