From: Mike <1100100@gmail.com>
To: Jason Opperisano <opie@817west.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: One Nic; Multiple Subnets
Date: Mon, 27 Dec 2004 12:57:54 -0500
Message-ID: <8ca42282041227095735105c6@mail.gmail.com>
In-Reply-To: <1104166362.6322.26.camel@hubcap.ljm.dom>

Jason,

Thanks for the reply.

Sounds like a second nic. is really what's needed here.

John Sullivan suggested it could be done using iptables in combination
with iproute2; but I'm not sure I could manage it well. I'm
challenged enough by iptables, itself.

I'm thinkin' new mobo/cpu/ram combo. for $150 from newegg.com :-)

Best regards.
Mike

On Mon, 27 Dec 2004 11:52:42 -0500, Jason Opperisano <opie@817west.com> wrote:
> On Mon, 2004-12-27 at 11:38, Mike wrote:
> > I've been looking through the monthly archives of this list, but I
> > can't find the needle in the haystack. I saw this question answered
> > before, and I'm hoping I'll see it again. :-)
> >
> > I have an old slackware routerbox that only has room for 2 nics.
> > Right now there are two nics. in it and they are set up like so:
> >
> > eth0 --> Internet (Dynamic IP: Assigned by ISP)
> > eth1 --> Lan (Gateway Interface: 192.168.1.1)
> >
> > I will soon be joining some computers from another LAN into the one
> > mentioned above.
> > I will need to set up security measures so that the new computers will
> > not be hacked or viewed by the other users on the LAN.
> >
> > Even though I've only got one C-Class subnet (192.168.1.1 - 255), I
> > want to create 2 or more "virtual" subnets to reside in this address
> > range.
> >
> > How do I create the multiple subnets?
> > Do I need to use route command or ipsec.?
> > And what would the iptables rule look like, where Subnet "B" rejects
> > all packets coming from Subnet "A"?
> >
> > Is this even close? ---
> > $IPTABLES -t filter FORWARD -A -i eth1 -s 192.168.1.2/150
> > --to-destination 192.168.1.151/253 -j DENY
> >
> > Thank you for your time and help.
> >
> > Mike
>
> without physical separation--you have no security.
>
> this may be a stretch, but if the internal switch supports VLANs--you
> could VLAN the switch, and create a trunk on eth1 of the linux router.
> that would give some semblance of separation between the two subnets,
> but it's still only virtual. but it's better than plugging all your
> machines into that same layer 2 broadcast domain and thinking you can
> segment machines from each other.
>
> -j
>
> --
> "Here we have an ordinary square.
> Whoa! Slow down egghead!"
> --The Simpsons
>
>
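
Added example, not part of either message: the VLAN trunk on eth1 that Jason describes, written with current iproute2 syntax, plus FORWARD rules that reject routed traffic between the two subnets. VLAN IDs 10 and 20 and the split of 192.168.1.0/24 into two /25 subnets are assumptions; the script prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: VLAN IDs 10 and 20,
# and the /24 split into two /25 halves. eth1 is the LAN NIC named in the thread.
# Prints the commands by default; set APPLY=1 and run as root to execute them.

TRUNK=eth1
VLAN_A=10; GW_A=192.168.1.1/25      # subnet A: 192.168.1.0/25   (assumed)
VLAN_B=20; GW_B=192.168.1.129/25    # subnet B: 192.168.1.128/25 (assumed)

# Execute the command when APPLY=1, otherwise just print it (dry run).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Create one tagged sub-interface on the trunk and give it the gateway address.
add_vlan() {    # usage: add_vlan <vlan-id> <gateway/prefix>
    run ip link add link "$TRUNK" name "$TRUNK.$1" type vlan id "$1"
    run ip addr add "$2" dev "$TRUNK.$1"
    run ip link set "$TRUNK.$1" up
}

# Reject routed traffic entering on one VLAN interface and leaving on the other.
isolate() {     # usage: isolate <from-vlan-id> <to-vlan-id>
    run iptables -A FORWARD -i "$TRUNK.$1" -o "$TRUNK.$2" -j REJECT
}

segment_lan() {
    run ip addr flush dev "$TRUNK"   # the untagged interface no longer carries an address
    run ip link set "$TRUNK" up
    add_vlan "$VLAN_A" "$GW_A"
    add_vlan "$VLAN_B" "$GW_B"
    isolate "$VLAN_A" "$VLAN_B"
    isolate "$VLAN_B" "$VLAN_A"
}

segment_lan
```

The rules match on the VLAN interface rather than on a source address range, so they only hold if the switch assigns each access port to VLAN 10 or 20 and carries both tags only on the port facing the router.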