How to use eth2 and block ports

Hello, I'm working on a Sophos SG 105 (in my office). On eth0 I have the internal LAN (192.168.1.X), and in the LAN I have a server with DHCP. Well...

At my office I have a wireless bridge to my house, but in my house I have a router with DHCP... I just deleted any type of IP conflict (different DHCP ranges, etc.).

I'd like to connect the wireless bridge to SG 105 eth2 (could be internal LAN like eth0), but I need to block DHCP ports (67/68 UDP) from/to this port.

Is that possible? How can I do that?
Thank you



  • The UTM firewall blocks everything by default.  In any case, DHCP broadcasts don't travel outside an Ethernet segment without a relay - a firewall rule alone won't facilitate the traversal of the UTM by DHCP broadcasts.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • At this time they are in the same Ethernet segment.

    UTM -> ETH0 -> SWITCH

    On the switch I have an access point (bridge mode) linked to another access point (bridge mode) at my home.
    At my home I have an ADSL with DHCP in the same LAN.

    In fact, if I connect my laptop to the office switch, sometimes I take an IP from the home DHCP and sometimes from the office one.

    You know what I mean?
    I want to surf to my office network from home, but DHCP must be separate; it can't travel over the bridge.
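
The symptom described in the post above (a client on the shared segment getting leases from two DHCP servers) can be confirmed from captured DHCP replies by comparing the server identifier (option 54) in each OFFER/ACK. This is an added example, not part of the original thread; the addresses 192.168.1.10 and 192.168.1.254 and the `build_reply` helper are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options
OFFER, ACK = 2, 5                    # values of option 53 (message type)

def parse_options(payload):
    """Return {option_code: value} from the UDP payload of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = End
        if payload[i] == 0:                          # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    return opts

def responding_servers(payloads):
    """Map each server identifier (option 54) to the addresses it handed out."""
    seen = {}
    for p in payloads:
        opts = parse_options(p)
        mtype = opts.get(53) or b"\x00"
        if mtype[0] not in (OFFER, ACK) or len(opts.get(54, b"")) != 4:
            continue
        server = socket.inet_ntoa(opts[54])
        seen.setdefault(server, set()).add(socket.inet_ntoa(p[16:20]))  # yiaddr
    return seen

def build_reply(msg_type, server_ip, offered_ip):
    """Constructed sample: minimal BOOTREPLY with options 53 and 54 only."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)
    hdr += b"\x00" * 4 + socket.inet_aton(offered_ip) + b"\x00" * 8
    hdr += b"\x00" * (16 + 64 + 128)                 # chaddr, sname, file
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return hdr + MAGIC_COOKIE + opts

if __name__ == "__main__":
    samples = [build_reply(OFFER, "192.168.1.10", "192.168.1.50"),    # constructed
               build_reply(OFFER, "192.168.1.254", "192.168.1.150"),  # constructed
               build_reply(ACK, "192.168.1.10", "192.168.1.50")]
    print(responding_servers(samples))  # more than one key: several servers answered
```
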

  • You shouldn't have your home and office bridged, Marco.  Your idea of connecting the wireless bridge to a different interface is the right thing to do.

    Cheers - Bob

     
  • Home and office are in a bridge because I need to work from home and use office network shares. I could buy another SG 105 and create a site-to-site VPN, but I have only one.
    So, I can connect the wireless bridge to a different interface (like ETH2), but how can I block DHCP? How can I set my firewall to block 67/68 UDP from/to the ETH2 port?
    I can create an Ethernet bridge with ETH0 (LAN) and ETH2 (home) and then make them become one network; it works, but that's not good yet.

  • Conceptually, Marco, there's no difference between a site-to-site VPN and connecting your wireless bridge to eth2.  I'm giving you the correct solution, but I don't understand what more I need to explain.

    Cheers - Bob

     
  • I understand, Bob. The office-home connection works; I just need to block DHCP through the bridge. I need to know (if possible) if I can block any ports on a specific interface like eth2.

  • Marco, I think we're getting confused by the term "wireless bridge." This is no different than having an Ethernet cable connecting eth2 to your home network.  There should be no "bridge" configured on the UTM, so no DHCP should pass through the UTM in either direction.

    Cheers - Bob

     