split/isolate network

rikona rikona at sonic.net
Sun Nov 21 20:09:11 UTC 2010


Hello Steven,

Sunday, November 21, 2010, 10:47:14 AM, Steven wrote:

SS> On Saturday, November 20, 2010, rikona <rikona at sonic.net> wrote:
>>
>> Thanks for the very clear explanation, and especially the example. I
>> learn a lot from well-done examples.
>>
>> I'm concerned about the "could not speak to 192.168.1.129 without a
>> router" above, though. Does this mean that they COULD communicate if I
>> have a router ahead of the splitter box? I was considering:
>>
>>  cable modem -> router/firewall -> linux box -> 2 isolated net
>>  connections
>>
>> If so, does that mean that I would have to prohibit, in the splitter
>> box, *incoming* from the 'other half' IP addresses, to get around this
>> problem? Does the router, in general, essentially undo what I'm trying
>> to do in the splitter box if I ONLY do just splitting?

SS> In this case the Linux box is already acting as a router from the
SS> two isolated networks to the one formed by your router/firewall box
SS> and by default between the two downstream networks as well. Your
SS> upstream firewall/router box is not connected to those networks,
SS> it would not be the source of that problem. To prevent
SS> communication between the two networks you would need a pretty
SS> simple firewall rule on the Linux box that drops packets bound
SS> from one to the other. 

Thanks for the reply. That's what I thought, in my perhaps
not-so-clear statement above. Thanks for verifying another thing I
will need to do. [And, "simple firewall rules" are not always simple
for us net newbies... :-)) - but I'm learning...]

-- 

 rikona        
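
The drop rule Steven describes, sketched as an added example that is not part of the original thread. The interface names eth1 and eth2, the chain name LAN_ISOLATE and the function name isolation_rules are assumptions; the script prints the rules for review and loads them only when APPLY=1 is set.

```shell
#!/bin/sh
# Added example. eth1/eth2 are assumed names for the two downstream interfaces.

# Print the iptables commands that stop the Linux box from routing between the
# two downstream networks. Prints only; returns 2 on unusable interface names.
isolation_rules() {
    a=$1; b=$2
    for n in "$a" "$b"; do
        case $n in
            ''|*[!A-Za-z0-9._-]*) return 2 ;;   # empty or unsafe to paste into a command
        esac
    done
    [ "$a" != "$b" ] || return 2                # same interface twice isolates nothing
    cat <<EOF
# Dedicated chain, (re)created empty so the script can be re-run safely.
iptables -N LAN_ISOLATE 2>/dev/null || iptables -F LAN_ISOLATE
# Drop routed traffic in both directions between the two downstream networks.
iptables -A LAN_ISOLATE -i $a -o $b -j DROP
iptables -A LAN_ISOLATE -i $b -o $a -j DROP
# Everything else (e.g. either network to upstream) continues through FORWARD.
iptables -A LAN_ISOLATE -j RETURN
# Hook the chain in first, once, so no earlier ACCEPT can let the traffic through.
iptables -C FORWARD -j LAN_ISOLATE 2>/dev/null || iptables -I FORWARD 1 -j LAN_ISOLATE
EOF
}

# Dry run by default; set APPLY=1 and run as root to load the rules.
if [ "${APPLY:-0}" = 1 ]; then
    rules=$(isolation_rules "${LAN_A_IF:-eth1}" "${LAN_B_IF:-eth2}") || exit 2
    printf '%s\n' "$rules" | sh -e
else
    isolation_rules "${LAN_A_IF:-eth1}" "${LAN_B_IF:-eth2}" || echo "bad interface names" >&2
fi
```

These rules cover only traffic routed through the box (the FORWARD chain); packets addressed to the Linux box's own addresses are handled by the INPUT chain and need their own rules.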




