split/isolate network
Rashkae
ubuntu at tigershaunt.com
Fri Nov 19 21:53:37 UTC 2010
On 10-11-19 04:24 PM, rikona wrote:
> I'd like to split my local net into two parts which are completely
> isolated, with no possibility of direct communication between them.
> I'm wondering how to do this with a linux box, perhaps as follows:
>
> cable modem -> router -> linux box -> 2 isolated net connections
>
> I'm not sure what this might be called, and google was not my friend
> re this problem, so I thought I'd ask here. The linux box would be
> dedicated, not used for other purposes, and would be an older, much-
> less-capable-hdwe box.
>
> One of the net connections [side 1] would have several fixed-IP boxes
> on it, with NO other box addresses allowed. The other [side 2] would
> need DHCP, with one or more boxes connected, whose address range does
> NOT overlap that of side 1. [I'm thinking 192.168... and 10.0... for
> example.]
>
> I'm not sure how to do this, but am assuming it is likely possible.
> Any suggestions for how to do this, or where to find out on the net,
> would be appreciated.
>
Actually very easy to do. However, in this case, you would need a box
with 3 Ethernet cards.
There is no reason you can't have both 192.168.... and 10.0.... but it's
not really necessary for this task. You can simply use two 192.168
subnets.. ex: 192.168.1.0 for Eth1, 192.168.2.0 for Eth2 and use Eth0
for Internet
To isolate the two subnets, you need only create an iptables rule that
forbids forwarding between those two.
iptables -A FORWARD -i eth1 -o eth2 -j REJECT
iptables -A FORWARD -i eth2 -o eth1 -j REJECT
And do the same with ip6tables
You say you aren't a linux guru, but I don't know how much help you
need. Do you know how to set up a script so that it run on start-up or
as part of the network set-up? Do you know how to write scripts at all?
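As an added example (not part of Rashkae's reply or rikona's original post), a script that turns the approach above into a reviewable ruleset for the three-NIC box: eth0 uplink to the router, eth1 side 1 with fixed-IP hosts, eth2 side 2 with DHCP. The interface names, subnets and the side-1 host list are assumptions; it prints the rules by default and only applies them when asked.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: eth0 = uplink to the
# router, eth1 = side 1 (fixed-IP hosts only), eth2 = side 2 (DHCP clients).
# The interface names, subnets and host list below are placeholder values.
UPLINK=eth0
SIDE1_IF=eth1; SIDE1_NET=192.168.1.0/24
SIDE2_IF=eth2; SIDE2_NET=192.168.2.0/24
# Only these fixed addresses on side 1 are allowed through the box.
SIDE1_HOSTS="192.168.1.10 192.168.1.11 192.168.1.12"

# Print the rules, one command per line, for the given tool (iptables or
# ip6tables). Printing first lets you review them before they are applied.
emit_rules() {
  ipt=$1
  # Default-deny forwarding: anything not explicitly allowed below is
  # dropped, so the two sides stay isolated even if rules are added later.
  echo "$ipt -P FORWARD DROP"
  echo "$ipt -F FORWARD"
  # The explicit rejects from the reply above: cross-side packets get an
  # immediate ICMP error instead of a silent timeout.
  echo "$ipt -A FORWARD -i $SIDE1_IF -o $SIDE2_IF -j REJECT"
  echo "$ipt -A FORWARD -i $SIDE2_IF -o $SIDE1_IF -j REJECT"
  # Return traffic for connections the inside hosts opened themselves.
  echo "$ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # The address plan above is IPv4 only, so ip6tables gets nothing further:
  # with policy DROP it forwards no IPv6 at all, which keeps the sides apart.
  [ "$ipt" = iptables ] || return 0
  # Side 1: only the listed fixed hosts may reach the uplink.
  for h in $SIDE1_HOSTS; do
    echo "$ipt -A FORWARD -i $SIDE1_IF -o $UPLINK -s $h -j ACCEPT"
  done
  # Side 2: the whole DHCP range may reach the uplink.
  echo "$ipt -A FORWARD -i $SIDE2_IF -o $UPLINK -s $SIDE2_NET -j ACCEPT"
  # NAT both sides behind the box's uplink address.
  echo "$ipt -t nat -A POSTROUTING -o $UPLINK -s $SIDE1_NET -j MASQUERADE"
  echo "$ipt -t nat -A POSTROUTING -o $UPLINK -s $SIDE2_NET -j MASQUERADE"
}

# Sanity check: number of emitted rules that would ACCEPT traffic directly
# between the two sides. Must print 0 whenever the ruleset is edited.
count_cross_accepts() {
  emit_rules iptables \
    | grep -c -E -- "-i ($SIDE1_IF -o $SIDE2_IF|$SIDE2_IF -o $SIDE1_IF) .*-j ACCEPT" \
    || true
}

# Usage: sh isolate.sh        -> print IPv4 and IPv6 rules for review
#        sh isolate.sh apply  -> run them (as root, with net.ipv4.ip_forward=1)
if [ "${1:-}" = "apply" ]; then
  { emit_rules iptables; emit_rules ip6tables; } | sh -e
else
  emit_rules iptables; emit_rules ip6tables
fi
```

Hook the `apply` form into whatever runs at boot (an interfaces(5) `up` line or an init script), and keep the printed form around to diff against `iptables -S` after changes.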