I'll try that on-list this time...

An iptables rule in the FORWARD chain to DROP all packets to/from that network?
Using the FORWARD chain should allow access from the server's IP address, but not allow any forwarded traffic.

Regards,
Leigh

Leigh Sharpe
Network Systems Engineer
Pacific Wireless
Ph +61 3 9584 8966
Mob 0408 009 502
email lsharpe@xxxxxxxxxxxxxxxxxxxxxx
web www.pacificwireless.com.au

-----Original Message-----
From: jfulton@xxxxxxxxxx [mailto:jfulton@xxxxxxxxxx]
Sent: Wednesday, September 06, 2006 5:08 AM
To: lartc@xxxxxxxxxxxxxxx
Subject: Routing question

I've always had to either have routing on, or off on a system. For the first time this week I have a system on the internet but with one connection to a private network to manage a piece of network gear.

The situation is where I have a server on an 802.1q trunk with 4 VLAN interfaces on the internet, and it needs standard routing across the interfaces eth0.3, eth0.7, eth0.10, and eth0.11, all with public address space and standard routing. I just turned up eth0.2 on a private network (192.168.x.x) that I need to prevent any traffic from the public interfaces from reaching.

After dipping into the iprouting documentation, it's only confused me more. I assume this is accomplished with a rule, but so far I have only been able to completely shut off access to the private network entirely, including the server's access to that subnet.

Could someone point me to an example of how this can be done?

Thank you!

John Fulton
Anchorage, AK

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
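
Added example, not part of the original thread: a sketch of the FORWARD-chain approach suggested in the reply. It prints the rules and checks a saved `iptables -S FORWARD` listing for correct ordering. The function names are hypothetical, `192.168.0.0/16` is a placeholder standing in for the 192.168.x.x network, and both listings are constructed.

```shell
#!/bin/sh
# eth0.2 is the private VLAN interface named in the thread.
# PRIV_NET is a placeholder (assumption) covering any 192.168.x.x subnet.
PRIV_IF="${PRIV_IF:-eth0.2}"
PRIV_NET="${PRIV_NET:-192.168.0.0/16}"

# Print (do not apply) the isolation rules. -I FORWARD 1 places each rule at
# the top of the chain so no earlier ACCEPT can match first. Traffic the
# server itself sends or receives traverses OUTPUT/INPUT, not FORWARD, so
# the server keeps its own access to the private network.
forward_isolation_rules() {
    for match in "-i $1" "-o $1" "-s $2" "-d $2"; do
        echo "iptables -I FORWARD 1 $match -j DROP"
    done
}

# Read an `iptables -S FORWARD` listing on stdin; $1 = private interface.
# Succeeds only if DROP rules for both directions on that interface appear
# before the first ACCEPT rule. Conservative: any earlier ACCEPT fails it.
forward_isolated() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "FORWARD" {
            if ($NF == "ACCEPT") accepted = 1
            if (!accepted && $NF == "DROP")
                for (i = 3; i < NF; i++) {
                    if ($i == "-i" && $(i+1) == ifc) in_ok = 1
                    if ($i == "-o" && $(i+1) == ifc) out_ok = 1
                }
        }
        END { exit !(in_ok && out_ok) }'
}

# Constructed sample listings (not output from the poster's system).
GOOD_LISTING='-P FORWARD ACCEPT
-A FORWARD -i eth0.2 -j DROP
-A FORWARD -o eth0.2 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'
BAD_LISTING='-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0.2 -j DROP
-A FORWARD -o eth0.2 -j DROP'

forward_isolation_rules "$PRIV_IF" "$PRIV_NET"
printf '%s\n' "$GOOD_LISTING" | forward_isolated "$PRIV_IF" && echo "good: isolated"
printf '%s\n' "$BAD_LISTING" | forward_isolated "$PRIV_IF" || echo "bad: ACCEPT precedes DROP"
```

On a live system the listing would come from `iptables -S FORWARD` run as root; a stateful ACCEPT placed ahead of the DROP rules is the ordering mistake the check is meant to catch.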