
Re: How to blocks clients between them in subnet



On Mon, Jul 18, 2016 at 02:18:03PM +0200, Pol Hallen wrote:
> Hi all
>
> I've a network 192.168.2.0/24 connected by routing to 192.168.1.0/24
>
> I'd like to block clients on 192.168.2.0/24 between them in the same network.
>
> So, client1 can go to 192.168.1.0/24 but can't see other clients in 192.168.2.0/24. And so for all clients.

IMO, your best bet is to physically isolate the networks. 192.168.1.0/24 clients are on one switch, and 192.168.2.0/24 clients are on another switch. Only a single gateway host connects the two switches, and all clients must route through this host to reach the other network.

If both clients are on a shared network segment, then what's to stop a 192.168.1.0/24 client adding a 192.168.2.0/24 IP to their network adapter and talking directly? If you trust the hosts not to do that, then you could still work as above, but note that firewall rules will become a bit more complex (you can't assume that eth0 talks to 192.168.1.0/24 and eth1 talks to 192.168.2.0/24, for example). It's not impossible, but needs a bit more care.


> Any idea?
>
> thanks!
>
> Pol


--
For more information, please reread.
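
An added example, not part of the original message: a small model of which flows in this thread actually pass through the gateway host, and so can be matched by its firewall rules. It assumes plain switched Ethernet with no proxy ARP; the host addresses and the names `delivery`, `gateway_can_filter` and `SCENARIOS` are constructed for illustration.

```python
import ipaddress

def delivery(src_addrs, dst_ip, same_segment):
    """Classify how a sender reaches dst_ip.

    src_addrs    -- addresses configured on the sender, e.g. ["192.168.2.10/24"]
    same_segment -- True if sender and destination share a switch (one broadcast domain)
    """
    dst = ipaddress.ip_address(dst_ip)
    # The destination is "on-link" if any configured prefix covers it; the
    # sender then ARPs for it instead of handing the packet to its router.
    on_link = any(dst in ipaddress.ip_interface(a).network for a in src_addrs)
    if not on_link:
        return "via-gateway"      # forwarded by the gateway: its firewall rules apply
    if same_segment:
        return "direct"           # delivered switch-to-host: the gateway never sees it
    return "unreachable"          # ARP goes unanswered on a physically separate switch

# Constructed scenarios using the two subnets from the thread (host addresses are made up).
SCENARIOS = {
    "client1 -> client2, both in 192.168.2.0/24":
        delivery(["192.168.2.10/24"], "192.168.2.11", same_segment=True),
    "client1 -> host in 192.168.1.0/24":
        delivery(["192.168.2.10/24"], "192.168.1.5", same_segment=False),
    "192.168.1.x host adds a 192.168.2.x address, shared switch":
        delivery(["192.168.1.5/24", "192.168.2.200/24"], "192.168.2.11", same_segment=True),
    "same host, but the subnets are on separate switches":
        delivery(["192.168.1.5/24", "192.168.2.200/24"], "192.168.2.11", same_segment=False),
}

def gateway_can_filter(result):
    """Only routed traffic is visible to firewall rules on the gateway host."""
    return result == "via-gateway"

if __name__ == "__main__":
    for name, result in SCENARIOS.items():
        print(f"{name}: {result} (gateway can filter: {gateway_can_filter(result)})")
```

Traffic classified as `direct` is the case where rules on the gateway have no effect, which is why the physical layout matters as much as the rule set.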
