On Monday 10 May 2004 5:23 pm, michael@xxxxxxxxx wrote:

> The LAN currently has 5 computers connected to it with static IP
> addresses:
>
> 192.168.1.2
> 192.168.1.3
> 192.168.1.4
> 192.168.1.5
> 192.168.1.6
>
> I will be adding 3 more machines with static IP addresses:
>
> 192.168.1.7
> 192.168.1.8
> 192.168.1.9
>
> Issue:
>
> *.9 needs to remain accessible from *.7 and *.8; however, I need to
> restrict any connection or accessibility to *.9 from *.2 - *.6.

Netfilter (on the gateway router) is no use to you here, because packets
between machines on the same subnet do not go through the router - they just
talk to each other directly across your hub / switch.

Install netfilter on 192.168.1.9 and put rules in the INPUT chain:

    iptables -A INPUT -s 192.168.1.7 -j ACCEPT
    iptables -A INPUT -s 192.168.1.0/29 -j DROP

Regards,

Antony.

-- 
The idea that Bill Gates appeared like a knight in shining armour to lead all
customers out of a mire of technological chaos neatly ignores the fact that it
was he who, by peddling second-rate technology, led them into it in the first
place.

 - Douglas Adams in The Guardian, 25th August 1995

Please reply to the list; please don't CC me.
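The rule order and the range covered by 192.168.1.0/29 can be checked with a small first-match model of the INPUT chain. This is an added example, not part of the original post; it assumes the chain policy is ACCEPT, which the post does not state, and the function names are illustrative.

```python
import ipaddress

# The two INPUT rules from the reply, in order: (source network, target).
RULES = [
    (ipaddress.ip_network("192.168.1.7/32"), "ACCEPT"),
    (ipaddress.ip_network("192.168.1.0/29"), "DROP"),  # covers .0 through .7
]

# Assumption: the INPUT chain policy is left at ACCEPT (not stated in the post).
DEFAULT_POLICY = "ACCEPT"


def verdict(source, rules=RULES, policy=DEFAULT_POLICY):
    """Return (target, matched_rule), first match wins as in an iptables chain."""
    addr = ipaddress.ip_address(source)
    for net, target in rules:
        if addr in net:
            return target, str(net)
    # No rule matched: the chain policy decides.
    return policy, "policy"


def evaluate_lan(rules=RULES, policy=DEFAULT_POLICY):
    """Verdict on 192.168.1.9 for each other host in the thread (.2 to .8)."""
    hosts = [f"192.168.1.{n}" for n in range(2, 9)]
    return {h: verdict(h, rules, policy)[0] for h in hosts}


if __name__ == "__main__":
    for host, target in evaluate_lan().items():
        print(f"{host:>12} -> {target}")
    # With the rules swapped, .7 hits the /29 DROP before its ACCEPT.
    print("reversed order, .7:", verdict("192.168.1.7", rules=RULES[::-1]))
    # With a DROP policy, .8 would need its own ACCEPT rule.
    print("DROP policy, .8:", verdict("192.168.1.8", policy="DROP"))
```

Note that 192.168.1.8 is outside the /29 and is allowed only by the chain policy, and that the /29 also matches 192.168.1.1.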