
Re: How to blocks clients between them in subnet



Hi Pol,

On Mon, Jul 18, 2016 at 02:18:03PM +0200, Pol Hallen wrote:
> I have a network 192.168.2.0/24 connected by routing to 192.168.1.0/24.
> 
> I'd like to block clients on 192.168.2.0/24 from each other within the same network.
> 
> So, client1 can go to 192.168.1.0/24 but can't see other clients in
> 192.168.2.0/24. And so for all clients.

I'm having difficulty visualising what you're asking. Depending on
what the IP address of client1 is it could be a very different
question. You say "client1 […] can't see other clients in
192.168.2.0/24" so I will have to assume that client1 is also in
192.168.2.0/24. But then it isn't clear why you mention the other
192.168.1.0/24 network at all.

Anyway, if your problem is that you have multiple hosts in the
same layer 3 network (192.168.1.0/24) but you don't want them to
talk to each other: Presumably they are all connected to the same
switch(es), which may have layer 3 firewalling capabilities, but
these will be of no use since they won't see the layer 3 traffic
like a router does.

In an ideal world you'd use VLANs and have the different switch
ports in different networks. Note that just putting hosts in
different networks won't be enough; it would stop them talking to
devices outside their network by default, but they could just add a
static route themselves.

Your switch may have layer 2 firewalling capabilities. If your
switch is actually a Linux box then it certainly does have layer 2
firewalling; this is provided by a thing called ebtables.

After you've put all interfaces of your switch in a software bridge
it can be as simple as:

# ebtables -P FORWARD DROP

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting
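An added example, not part of Andy's message, that turns the ebtables suggestion into a script. It assumes the switch is a Linux box with client ports eth1, eth2 and eth3 and the uplink to the router on eth0, all bridged into br0 (all of these names are assumptions); it goes one step beyond the single command in the message by re-allowing frames that enter or leave via the uplink port, so clients still reach the router while the DROP policy stops them from reaching each other.

```shell
#!/bin/sh
# Added example, not part of the original message. Assumed layout: a Linux box
# acting as the switch, client ports eth1 eth2 eth3 and the uplink to the router
# on eth0, all enslaved to the software bridge br0. Prints the commands unless
# DRY_RUN=0 is set, in which case they are executed (needs root, iproute2, ebtables).
set -eu

BRIDGE=${BRIDGE:-br0}
UPLINK=${UPLINK:-eth0}
CLIENT_PORTS=${CLIENT_PORTS:-"eth1 eth2 eth3"}
DRY_RUN=${DRY_RUN:-1}

# Echo the command in dry-run mode, otherwise run it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Put every port into one software bridge so the ebtables FORWARD chain sees
# all frames switched between ports.
build_bridge() {
    run ip link add name "$BRIDGE" type bridge
    for port in $UPLINK $CLIENT_PORTS; do
        run ip link set "$port" master "$BRIDGE"
        run ip link set "$port" up
    done
    run ip link set "$BRIDGE" up
}

# Default-deny on FORWARD (the one command from the message), then accept only
# frames entering or leaving via the uplink port. A frame from one client port
# to another matches neither rule and falls through to the DROP policy, so
# clients can reach the router but not each other.
isolate_clients() {
    run ebtables -F FORWARD
    run ebtables -P FORWARD DROP
    run ebtables -A FORWARD -i "$UPLINK" -j ACCEPT
    run ebtables -A FORWARD -o "$UPLINK" -j ACCEPT
}

build_bridge
isolate_clients
```

If the Linux box is itself the router (it holds the 192.168.2.x gateway address on br0), frames addressed to it go through the INPUT chain rather than FORWARD, so the DROP policy alone already suffices and the two uplink ACCEPT rules are only needed when the router sits behind a bridged port.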

