This is not proving so easy. HotLANs differ from LANs in that they are not allowed to access the server, so you almost need the concept of Isolated LANs which are like LANs but can't talk to each other. I've updated the script for HotLANs:
The problem with this approach is that it does not integrate with other functions of ClearOS like OpenVPN. OpenVPN can be got round by adding the subnets to EXTRALANS in /etc/clearos/network.conf. I have no idea what other side effects there are.
As an alternative, you can just create a firewall script to cut communication between the LANs. It would have to insert rules rather than append them and it would be better if it ran as an 05- type rule, so before all the 10-rules. I'll have a think about that.
Well, mine is bust. It is showing transmission:299 and 755 permissions and my torrents still work. Check what your umask is set to in /var/lib/transmission/.config/transmission-daemon/settings.json. Mine is set to 18 but you can only change it when transmission is stopped. I may have tweaked umask but I can't remember.
I have the firewall rules working. Create a file /etc/clearos/firewall.d/05-hotlans and in it put:
Then restart your firewall.
The problem I am having is that, playing around in a VM, if I try to set both the true LAN interface and VLAN interface to be HotLAN, then there is an error in the Webconfig and /etc/sysconfig/network-scripts/ifup-eth gives "Device enp0s9.100 does not seem to be present, delaying initialisation.". That only happens when I have both enp9s0 and enp9s0.100 set to HotLAN. If either is set to LAN then the Webconfig behaves. It may be different for you in a real environment.
The only other thing you can do is add a bunch of Custom firewall rules to block the traffic you want.
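An added example, not the script from the posts above: one way to generate the inter-LAN block rules the thread describes, inserted (`-I`) rather than appended so they sit ahead of the accept rules. The interface names are the ones from the question in this thread; the `IPT` variable and the function name are assumptions, and the function only prints the commands so they can be reviewed before going into a firewall.d file.

```shell
#!/bin/sh
# Print iptables commands that stop forwarding between LAN segments.
# Assumption: IPT is the command name to emit (plain "iptables" by default).
IPT="${IPT:-iptables}"

# isolation_rules IFACE IFACE [IFACE...]
# Emits one DROP rule per ordered pair of distinct interfaces, so traffic
# is blocked in both directions. Rules match LAN-to-LAN pairs only, so
# forwarding from each segment to the WAN interface is untouched.
isolation_rules() {
    if [ "$#" -lt 2 ]; then
        echo "need at least two LAN interfaces" >&2
        return 1
    fi
    # Validate every name first: the output is meant to be pasted into a
    # script that runs as root, so shell metacharacters are rejected.
    for i in "$@"; do
        case "$i" in
            ''|*[!A-Za-z0-9._-]*)
                echo "invalid interface name: $i" >&2
                return 1 ;;
        esac
    done
    for src in "$@"; do
        for dst in "$@"; do
            [ "$src" = "$dst" ] && continue
            # -I FORWARD puts the rule at the head of the chain.
            printf '%s -I FORWARD -i %s -o %s -j DROP\n' "$IPT" "$src" "$dst"
        done
    done
}

# LAN plus two VLANs, as in the question in this thread.
isolation_rules enp1s0 enp1s0.3 enp1s0.4
```
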
Welcome to the forums. As a new poster, your first couple of posts get moderated so don't appear immediately. I have deleted your other post.
In an ideal world, setting a LAN interface as a HotLAN means it cannot communicate with other LANs but other LANs can communicate with it, so you should set all your LANs as HotLANs, so the answer should be to set all your LANs as HotLANs. Unfortunately, the way the rules have been written, they only really work with a single HotLAN - see bug #22711.
This has come up a couple of times recently, and it should be fairly easy to script, deleting all HotLAN rules and replacing them with a new set. I may give it a go next week.
I have two network interfaces enp2s0 = WAN
enp1s0 is LAN, the LAN interface also has two VLANs, which are in these IP segments:
enp1s0 normal LAN 192.168.1.1
enp1s0.3, LAN, Static, 10.10.3.1,
enp1s0.4, LAN, Static, 220.127.116.11
I don't want traffic to be possible between these IP segments, how do I solve this?
All three IP Segments do need Internet traffic via the WAN connection.
I hope you can help me with this problem.
I have an enp1s0 in 192.168.8.1 and some VLANs, say VLAN-2 = 10.10.2.1 and VLAN-3 = 172.16.3.1.
How do I block the traffic between all the segments?
A computer on VLAN-3 is not allowed to see the printer which is on 192.168.8.240 or the printer on 10.10.2.250.
All the segments need Internet traffic via enp2s0 which is the WAN side.
I hope you can help me.