2012-05-17 - Re: [GRASE-Hotspot] Grase make a bridge??

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: dd6f4898aa9d8facdfa77c0f13308cf46889826d896d853eb6ca37e37a730c55
Message ID: <CAESLx0KUn+4e567g-LCDehpOw2KfhuN4WTKoZSOMao7dyuV2pQ@mail.gmail.com>
Reply To: <CAMUL4zuSO4TJ+DYWLNDoEdHgKt30nvxDyT0HsYw2T+Gv_wypwA@mail.gmail.com>
UTC Datetime: 2012-05-17 21:47:52 UTC
Raw Date: Fri, 18 May 2012 14:47:52 +1000

Raw message 

On Fri, May 18, 2012 at 10:05 AM, Salvatore Alessio Romano
<sa***o@gmail.com> wrote:
> Hi Tim,
> sorry for my english! I've installed grase hotspot in a linux server with 2
> NIC and the system works fine but there is a little problem. Grase is
> configure to assign IP addresses from class 10.0.0.1 to client connected to
> eth1. Eth0 has IP address in the 192.168.1.xxx class, as all other pc and
> servers in my wired lan. The devices in hotspot system (with IP 10.0.0.xxx)
> pings the devices in my wired lan (192.168.1.xxx). How is it possible? Why
> hotspot system makes a bridge? How I can configure hotspot to can't permit
> to surf in my wired lan?
> Thank you in advance.

Hi Salvo.
The Hotspot isn't making a "bridge", it just treats everything
"upstream" of the server as the Internet. Your hotspot users shouldn't
be able to access the wired lan, unless they are authenticated for
accessing the internet.

If you don't wish for the hotspot users to have any access to the LAN,
you'll need to add some firewall rules. I'm not able to give you any
specifics right now, but essentially you want to prevent outgoing
packets from the hotspot server, to any LAN machines, except the
upstream router. Depending on whether the Hotspot server itself needs
to communicate with the LAN will determine how you need to construct
that rule.

I'll try and provide examples when I can. Hope that helps.

Tim

Thread