2015-11-22 - Re: [GRASE-Hotspot] Network access
Header Data
From: Jean Létourneau <ve***t@gmail.com>
Message Hash: 7e4d7d7b9b8a0437e428003c148fff454373d1473df35bd608cebf957d08b43d
Message ID: <CACJdL0OkQX3vJx=jcrfFv3x3z_=qnoQkUtxQMk-hF5Q9U7yqCQ@mail.gmail.com>
Reply To: <EBFAAC4D-F1C8-4075-ABED-CBE04672E0F5@argyle.com.au>
UTC Datetime: 2015-11-22 16:51:01 UTC
Raw Date: Sun, 22 Nov 2015 18:51:01 -0500
Raw message
On Sun, Nov 22, 2015 at 5:07 PM, David Wilson <da***e@argyle.com.au> wrote:
> Hi Jean,
>
Hi Dave,
>
> Can you confirm your LAN IP?
>
> you wrote 10.10.1
> I think you meant 10.1.0.1
> But can you confirm.
>
Yes it is 10.1.0.1
> By default Grase will let hotspot users access the WAN, which is meant to
> be the Internet although there could be other things in the WAN as well as
> the internet.
> So putting the WAN interface of your Grase server on your private network
> is not a good idea.
>
I did not realise until I read your e-mail, that make sens.
If your router supports it you could create an extra v-lan for your Grase
> WAN interface and have firewall rules blocking anything from that new v-lan
> to your private network. So you would have
>
Ok will do that, since I am not a network guru it is not clear in my
head,
right now my Grase server run on ESXI that include other server the
private network has to use. I will draw something using what you suggest
below, That should help me understanding.
> 1. Private network
> 2. Grase WAN
> 3. Grase LAN (guest hotspot users)
>
> and your rules would be
>
> a) Private Network > Internet ALLOW
> b) Grase WAN > Internet ALLOW
> c) Grase WAN > Private Network BLOCK
> d) Private Network > Grase WAN ALLOW
> and you would keep the Grase LAN off the router altogether
>
Thanks for your time and replies. I will post here my result later this
week.
> Alternatively, you would need to create a firewall rule on your Grase
> server to block everything to your private subnet (except your internet
> gateway/router).
>
That propably exist all ready, since from my private network I can access
the Grase server but no other devices, (On the 10.1.0.xx)
> Dave
>
Thanks
Jean
Thread
-
Return to November 2015
- Return to “David Wilson <da***e@argyle.com.au>”
-
Return to “Jean Létourneau <ve***t@gmail.com>”
- 2015-11-22 (Sun, 22 Nov 2015 10:16:16 -0500) - Network access - Jean Létourneau <ve***t@gmail.com>
- 2015-11-22 (Mon, 23 Nov 2015 09:07:52 +1100) - Re: [GRASE-Hotspot] Network access - David Wilson <da***e@argyle.com.au>
- 2015-11-22 (Sun, 22 Nov 2015 18:51:01 -0500) - Re: [GRASE-Hotspot] Network access - Jean Létourneau <ve***t@gmail.com>
- 2015-11-22 (Mon, 23 Nov 2015 09:07:52 +1100) - Re: [GRASE-Hotspot] Network access - David Wilson <da***e@argyle.com.au>