Re: One Nic; Multiple Subnets

On Mon, 2004-12-27 at 11:38, Mike wrote:
> I've been looking through the monthly archives of this list, but I
> can't find the needle in the haystack.  I saw this question answered
> before, and I'm hoping I'll see it again.  :-)
> 
> I have an old slackware routerbox that only has room for 2 nics.
> Right now there are two nics in it and they are set up like so:
> 
> eth0 --> Internet (Dynamic IP: Assigned by ISP)
> eth1 --> Lan  (Gateway Interface:  192.168.1.1)
> 
> I will soon be joining some computers from another LAN into the one
> mentioned above.
> I will need to set up security measures so that the new computers will
> not be hacked or viewed by the other users on the LAN.
> 
> Even though I've only got one C-Class subnet (192.168.1.1 - 255), I
> want to create 2 or more "virtual" subnets to reside in this address
> range.
> 
> How do I create the multiple subnets?
> Do I need to use route command or ipsec?
> And what would the iptables rule look like, where Subnet "B" rejects
> all packets coming from Subnet "A"?
> 
> Is this even close? ---
> $IPTABLES -t filter FORWARD -A -i eth1 -s 192.168.1.2/150
> --to-destination 192.168.1.151/253 -j DENY
> 
> Thank you for your time and help.
> 
> Mike

without physical separation--you have no security.

this may be a stretch, but if the internal switch supports VLANs--you
could VLAN the switch, and create a trunk on eth1 of the linux router. 
that would give some semblance of separation between the two subnets,
but it's still only virtual.  but it's better than plugging all your
machines into that same layer 2 broadcast domain and thinking you can
segment machines from each other.

-j

--
"Here we have an ordinary square.
 Whoa! Slow down egghead!"
	--The Simpsons
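The VLAN trunk on eth1 that the reply suggests, written out as an added example (not code from either poster): the single 192.168.1.0/24 is split into two /25 halves, each on its own 802.1Q VLAN, and the router refuses to forward between them. The VLAN IDs, the subinterface names, the /25 split and the use of today's iproute2 `ip link ... type vlan` (rather than the vconfig tool of that era) are assumptions; iptables has no DENY target, so REJECT is used.

```shell
#!/bin/sh
# Added example, not from the thread. Two /25 halves of 192.168.1.0/24 on
# VLANs 10 and 20 trunked over eth1 (all assumed values). Needs root and the
# 8021q module; with DRY_RUN=1 the commands are printed instead of executed.
DRY_RUN=${DRY_RUN:-0}
LAN_IF=eth1
VLAN_A=10; GW_A=192.168.1.1/25      # hosts 192.168.1.1-126
VLAN_B=20; GW_B=192.168.1.129/25    # hosts 192.168.1.129-254

run() { [ "$DRY_RUN" = 1 ] && { echo "$*"; return 0; }; "$@"; }

# One tagged subinterface per VLAN; the switch port facing eth1 must be a trunk.
setup_vlan() {   # args: vlan-id gateway-address/prefix
    run ip link add link "$LAN_IF" name "$LAN_IF.$1" type vlan id "$1"
    run ip addr add "$2" dev "$LAN_IF.$1"
    run ip link set "$LAN_IF.$1" up
}

# Only router-forwarded traffic is affected: hosts inside one VLAN still reach
# each other directly through the switch, which is the reply's "still only
# virtual" caveat. REJECT answers with an ICMP error; DROP would stay silent.
block_between() {   # args: interface-a interface-b
    run iptables -A FORWARD -i "$1" -o "$2" -j REJECT
    run iptables -A FORWARD -i "$2" -o "$1" -j REJECT
}

apply_all() {
    run modprobe 8021q
    setup_vlan "$VLAN_A" "$GW_A"
    setup_vlan "$VLAN_B" "$GW_B"
    # Rules match top to bottom: the inter-VLAN rejects go first so that the
    # later Internet-bound ACCEPT rules cannot let that traffic through.
    block_between "$LAN_IF.$VLAN_A" "$LAN_IF.$VLAN_B"
    run iptables -A FORWARD -i "$LAN_IF.$VLAN_A" -o eth0 -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF.$VLAN_B" -o eth0 -j ACCEPT
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Usage: ./vlan-split.sh show   (print the commands)
#        ./vlan-split.sh apply  (run them, as root)
case "${1:-}" in
    show)  DRY_RUN=1; apply_all ;;
    apply) apply_all ;;
esac
```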
