jeff@csd4.csd.uwm.edu (Jeff Olenchek) (11/07/90)
Has anyone out there tried to use the ip access control feature to create a list of hosts/nets which can send/receive traffic on a particular interface?

Our configuration:

                           = = = = = = = = =
                         P3011 - P2411 - P3011
                           = = = = = = = = =
                    //                            \\
   P3010                           |                           P3010
     |                             |                             |
[129.89.1.3]                  [129.89.1.1]                  [129.89.1.2]
__________                    __________                    __________
|P4211   |                    |P4211   |                    |P4211   |
|--------|                    |--------|                    |--------|
|P4200-10|  [134.48.8.1]      |P4220   |  [129.89.5.1]      |P4200-10|
|--------|   modem  -v.35-    |P4298-03|    -v.35-  modem   |--------|
|P4214   |     |              |--------|              |     |P4214   |
|________|  134.48.8.2        |P4200-20|        129.89.5.8  |________|
                              |--------|  [129.89.4.1]
                              |P4214   |-[129.89.2.15]
[129.89.3.1]  |               |________|  ethernet
  |  |           [129.89.7.1]-|P4214   |
  |  |    ethernet  ethernet  |________|
  |   ethernet   [129.89.8.1]-|P4214   |
  |   ethernet                |________|
[129.89.2.1]--[131.210.0.0]

What we want to do is to allow only specified hosts on the 129.89 net to be able to send/receive packets through our off-campus link (129.89.5.1). All other traffic, to/from any hosts, must be allowed between any of the other interfaces. Traffic from the 134.48 and 131.210 nets must go through unhindered. Our list of authorized hosts might be large (greater than 100).

Our reason for doing this is that we have telnet servers on the net (terminal servers, public micros, etc.) which people can use without any access verification. We do not want people getting out on to the internet without first logging in to one of our designated systems.

Thank you,

Jeff Olenchek
University of Wisconsin - Milwaukee
Computing Services Division
jeff@csd4.csd.uwm.edu
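The policy described in the post, written out as a small packet filter so the two directions and the transit-network exception can be checked against sample packets. This is an added illustration, not code from the post and not the router's own access-control syntax. The authorized-host list (129.89.2.10, 129.89.3.20), the off-campus address 192.0.2.7 and the sample packets are all constructed for the example; the function names are likewise my own.

```python
"""Model of the access policy asked for in the post: on the off-campus link
(the router interface at 129.89.5.1) only listed 129.89 hosts may send or
receive; traffic to or from 134.48 and 131.210 passes unhindered; every other
interface is unrestricted.  Added illustration, not the router's own syntax."""
import ipaddress

CAMPUS_NET = ipaddress.ip_network("129.89.0.0/16")
OFF_CAMPUS_INTERFACE = "129.89.5.1"        # the only interface the filter applies to
TRANSIT_NETS = (                           # "must go through unhindered" per the post
    ipaddress.ip_network("134.48.0.0/16"),
    ipaddress.ip_network("131.210.0.0/16"),
)
# Constructed sample of the authorized-host list (the real one may exceed 100 entries).
AUTHORIZED_HOSTS = frozenset(ipaddress.ip_address(a) for a in (
    "129.89.2.10",   # hypothetical designated login host
    "129.89.3.20",   # hypothetical designated login host
))


def permitted(interface, direction, src, dst):
    """Decide whether one packet may cross `interface`.

    direction is "out" (leaving campus toward 129.89.5.8) or "in" (arriving
    from off campus).  Returns True to forward the packet, False to drop it.
    """
    if interface != OFF_CAMPUS_INTERFACE:
        return True                          # every other interface: no restriction
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    # Packets to or from the two transit networks are never filtered.
    if any(src_ip in net or dst_ip in net for net in TRANSIT_NETS):
        return True
    # The campus-side address is the source on the way out and the destination
    # on the way back.  Both directions must be checked: otherwise replies to an
    # authorized host's session are dropped, or an unlisted host is still
    # reachable for inbound connections.
    campus_side = src_ip if direction == "out" else dst_ip
    return campus_side in CAMPUS_NET and campus_side in AUTHORIZED_HOSTS


# Constructed packets: (interface, direction, src, dst, expected verdict)
SAMPLE_PACKETS = [
    (OFF_CAMPUS_INTERFACE, "out", "129.89.2.10", "192.0.2.7", True),   # listed host going out
    (OFF_CAMPUS_INTERFACE, "in",  "192.0.2.7", "129.89.2.10", True),   # its reply coming back
    (OFF_CAMPUS_INTERFACE, "out", "129.89.7.44", "192.0.2.7", False),  # terminal-server user, not listed
    (OFF_CAMPUS_INTERFACE, "in",  "192.0.2.7", "129.89.7.44", False),  # not reachable from outside either
    (OFF_CAMPUS_INTERFACE, "out", "134.48.8.2", "192.0.2.7", True),    # transit from 134.48
    (OFF_CAMPUS_INTERFACE, "in",  "192.0.2.7", "131.210.5.5", True),   # transit to 131.210
    ("129.89.1.1", "out", "129.89.7.44", "134.48.8.2", True),          # other interface: unrestricted
]


def check_samples():
    """Run every sample packet through the filter; return the mismatches (empty means the policy holds)."""
    return [p for p in SAMPLE_PACKETS if permitted(*p[:4]) != p[4]]


if __name__ == "__main__":
    for iface, direction, src, dst, _ in SAMPLE_PACKETS:
        verdict = "permit" if permitted(iface, direction, src, dst) else "deny"
        print(f"{iface} {direction:3} {src:>12} -> {dst:<12} {verdict}")
    assert not check_samples()
```

Two points worth keeping in mind with a filter of this shape: it has to be evaluated on the off-campus interface in both directions, since an outbound-only list still lets outside hosts open connections to unlisted campus machines; and it trusts the source address, so a public micro whose user can set its own IP address can claim a listed one. Source-address lists stop casual use of the link, not a determined user on a host they control.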