split/isolate network
Steven Susbauer
steven at too1337.com
Sun Nov 21 18:47:14 UTC 2010
On Saturday, November 20, 2010, rikona <rikona at sonic.net> wrote:
>
> Thanks for the very clear explanation, and especially the example. I
> learn a lot from well-done examples.
>
> I'm concerned about the "could not speak to 192.168.1.129 without a
> router" above, though. Does this mean that they COULD communicate if I
> have a router ahead of the splitter box? I was considering:
>
> cable modem -> router/firewall -> linux box -> 2 isolated net
> connections
>
> If so, does that mean that I would have to prohibit, in the splitter
> box, *incoming* from the 'other half' IP addresses, to get around this
> problem? Does the router, in general, essentially undo what I'm trying
> to do in the splitter box if I ONLY do just splitting?
In this case the Linux box is already acting as a router from the two
isolated networks to the one formed by your router/firewall box and by
default between the two downstream networks as well. Your upstream
firewall/router box is not connected to those networks; it would not
be the source of that problem. To prevent communication between the
two networks you would need a pretty simple firewall rule on the Linux
box that drops packets bound from one to the other.
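
One way to write the rule described in the reply above, as an added example that is not part of the original message. The interface names eth0 (upstream), eth1 and eth2 (the two isolated networks) are assumptions; the function prints the iptables commands for review instead of applying them.

```shell
#!/bin/sh
# Added example (not from the original message): emit iptables rules for a
# Linux box that routes two downstream networks to one upstream link and
# must keep the two downstream networks apart.
# Interface names passed in are assumptions; substitute your own.

# isolation_rules WAN LAN_A LAN_B
isolation_rules() {
    wan=$1; lan_a=$2; lan_b=$3

    if [ -z "$wan" ] || [ -z "$lan_a" ] || [ -z "$lan_b" ]; then
        echo "usage: isolation_rules WAN LAN_A LAN_B" >&2
        return 2
    fi
    if [ "$lan_a" = "$lan_b" ] || [ "$wan" = "$lan_a" ] || [ "$wan" = "$lan_b" ]; then
        echo "error: the three interfaces must be distinct" >&2
        return 2
    fi

    # Matching on interfaces rather than source addresses means a host
    # cannot cross over by spoofing an address from the other network.
    echo "iptables -A FORWARD -i $lan_a -o $lan_b -j DROP"
    echo "iptables -A FORWARD -i $lan_b -o $lan_a -j DROP"

    # Each downstream network may still reach the upstream router, and
    # only replies to connections it opened are let back in.
    for lan in "$lan_a" "$lan_b"; do
        echo "iptables -A FORWARD -i $lan -o $wan -j ACCEPT"
        echo "iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done

    # Anything not explicitly allowed above is not forwarded at all.
    echo "iptables -P FORWARD DROP"

    # Note: FORWARD only covers routed traffic. Services listening on the
    # Linux box itself are governed by the INPUT chain and need their own rules.
}
```

To apply the rules after reviewing them, pipe the output to a root shell, for example `isolation_rules eth0 eth1 eth2 | sudo sh`.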