Re: One Nic; Multiple Subnets

John,

Thanks for the prompt reply.
I'd like not to be weak on the fundamentals, so I'll start down the
path by way of your suggested links.
It sounds like the situation would be much less complicated if I could
simply throw another NIC in the routerbox.  An inexpensive mobo, CPU,
and RAM combo may save a lot of headaches in this endeavor.

Best regards.

Mike


On Mon, 27 Dec 2004 12:01:42 -0500, John A. Sullivan III
<jsullivan@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> I'm afraid I do not have time to answer in depth today but I'll try to
> point you in the right direction.
> 
> On Mon, 2004-12-27 at 11:38, Mike wrote:
> > I've been looking through the monthly archives of this list, but I
> > can't find the needle in the haystack.  I saw this question answered
> > before, and I'm hoping I'll see it again.  :-)
> >
> > I have an old Slackware routerbox that only has room for 2 NICs.
> > Right now there are two NICs in it and they are set up like so:
> >
> > eth0 --> Internet (Dynamic IP: Assigned by ISP)
> > eth1 --> Lan  (Gateway Interface:  192.168.1.1)
> >
> > I will soon be joining some computers from another LAN into the one
> > mentioned above.
> > I will need to set up security measures so that the new computers will
> > not be hacked or viewed by the other users on the LAN.
> >
> > Even though I've only got one C-Class subnet (192.168.1.1 - 255), I
> > want to create 2 or more "virtual" subnets to reside in this address
> > range.
> >
> > How do I create the multiple subnets?
> You can break them into distinct subnets with subnet masking and bind
> multiple addresses to the same NIC using iproute2 (the "ip" command).
> > Do I need to use the route command or IPsec?
> > And what would the iptables rule look like, where Subnet "B" rejects
> > all packets coming from Subnet "A"?
> >
> > Is this even close? ---
> > $IPTABLES -t filter FORWARD -A -i eth1 -s 192.168.1.2/150
> > --to-destination 192.168.1.151/253 -j DENY
> You've got the basic idea but both your syntax and your grasp of some
> fundamental issues seem weak.  I would suggest a tour of Oskar
> Andreasson's iptables tutorial (you can find the link on the netfilter
> web site, http://www.netfilter.org).  You can also find some slide shows
> on using iptables and iproute2 in the training section of the ISCS
> network security management project page at http://iscs.sourceforge.net.
> You may also want to brush up on subnet masking.
> 
> I apologize that this isn't a cook book solution but it sounds like you
> might be benefited by a little more information besides just the
> recipe.  Good luck - John
> <snip>
> --
> John A. Sullivan III
> Open Source Development Corporation
> Financially sustainable open source development
> http://www.opensourcedevel.com
> 
>
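An added example, written for this archive page and not part of the thread or of either poster's setup, of what John's two pointers amount to in practice: the /24 is split with a 25-bit mask into two halves, both gateway addresses are bound to the single LAN NIC with iproute2, and the FORWARD chain drops anything crossing between the halves. The interface name eth1, the two /25 halves, the gateway addresses 192.168.1.1 and 192.168.1.129, and the DRY_RUN/APPLY switches are all assumptions chosen to match the thread. iptables takes CIDR notation for -s and -d and has no DENY target; DROP discards silently, REJECT would send an ICMP error back.

```shell
#!/bin/sh
# Added example (not from the thread): one LAN NIC carrying two /25 halves
# of 192.168.1.0/24, with the router refusing to forward between them.
# Interface name, the two halves and the gateway addresses are assumptions
# chosen to match the thread; change them to suit the real network.
LAN_IF=eth1
SUBNET_A=192.168.1.0/25       # hosts 192.168.1.1   - .126
SUBNET_B=192.168.1.128/25     # hosts 192.168.1.129 - .254
GW_A=192.168.1.1/25           # router's address in subnet A
GW_B=192.168.1.129/25         # router's address in subnet B

# Print a command instead of running it when DRY_RUN=1, so the script can
# be reviewed (and tested) without root or a live router.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Network address of an IP for a given prefix length, e.g.
# network_of 192.168.1.200 25 -> 192.168.1.128.  Shows which half a host
# lands in once the /24 is split with a 25-bit mask.
network_of() {
    plen=$2
    set -- $(printf '%s' "$1" | tr . ' ')
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    net=$(( n & mask ))
    printf '%d.%d.%d.%d\n' $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 ))
}

# Bind both gateway addresses to the single LAN NIC with iproute2.
# Assumes replacing whatever address eth1 carried before is intended.
configure_addresses() {
    run ip addr flush dev "$LAN_IF"
    run ip addr add "$GW_A" dev "$LAN_IF"
    run ip addr add "$GW_B" dev "$LAN_IF"
}

# FORWARD rules in CIDR notation: traffic between the two halves, entering
# and leaving on the same NIC, is dropped; everything else (e.g. to eth0)
# falls through to the rest of the chain.  iptables has no DENY target;
# DROP silently discards, REJECT would answer with an ICMP error instead.
configure_filter() {
    run iptables -t filter -A FORWARD -i "$LAN_IF" -o "$LAN_IF" \
        -s "$SUBNET_A" -d "$SUBNET_B" -j DROP
    run iptables -t filter -A FORWARD -i "$LAN_IF" -o "$LAN_IF" \
        -s "$SUBNET_B" -d "$SUBNET_A" -j DROP
}

# Usage: DRY_RUN=1 APPLY=1 sh split-lan.sh   (preview the commands)
#        APPLY=1 sh split-lan.sh             (apply, as root)
if [ "${APPLY:-0}" = "1" ]; then
    configure_addresses
    configure_filter
fi
```

For the rules to matter, hosts in each half must be configured with a /25 mask and the gateway of their own half, so that traffic for the other half is sent to the router and passes through FORWARD. That is also the limit of the approach: every host still sits on the same wire, so a machine that keeps a /24 mask (or changes it) can ARP for any 192.168.1.x address and talk to it directly, and the router never sees that traffic. Dropping in FORWARD is therefore routing-level separation, not a security boundary between the two groups, which is why the second NIC Mike mentions (or a VLAN-capable switch) is the cleaner answer to "not be hacked or viewed by the other users".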

