Hi Antony,

Thanks for the rapid response to my post. I see what you are saying. Maybe I could add a 3rd NIC to the Linux router/firewall box and call it eth2 and give it a different subnet like 192.168.2.1, and then 192.168.1.9 will become 192.168.2.2 on the new subnet. By doing so, will I then be able to route data from only the *.7 and *.8 connections on subnet 192.168.1.1 to the box on 192.168.2.2?

Thanks for the guidance.

Mike

Quoting Antony Stone <Antony@xxxxxxxxxxxxxxxxxxxx>:

> Netfilter (on the gateway router) is no use to you here, because packets
> between machines on the same subnet do not go through the router - they just
> talk to each other directly across your hub / switch.
>
> Install netfilter on 192.168.1.9 and put rules in the INPUT chain:
>
> iptables -A INPUT -s 192.168.1.7 -j ACCEPT
> iptables -A INPUT -s 192.168.1.0/29 -j DROP
>
> Regards,
>
> Antony.
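
Added example, not part of the original thread: once the server sits at 192.168.2.2 behind eth2, traffic from the 192.168.1.x hosts has to cross the router, so the restriction can live in the router's FORWARD chain. The LAN interface name eth1, the dry-run wrapper and the function names are assumptions; the addresses and eth2 come from the message above.

```shell
#!/bin/sh
# Router-side rules for the three-NIC layout proposed in the thread.
# Assumptions (not from the thread): the 192.168.1.x LAN is on eth1,
# and IP forwarding is already enabled on the router.
LAN_IF=eth1
SRV_IF=eth2                       # new NIC named in the message
SERVER=192.168.2.2                # server's address on the new subnet
ALLOWED="192.168.1.7 192.168.1.8" # the only LAN hosts allowed through

# Dry run by default: print each command. Set APPLY=1 (as root) to
# actually load the rules with iptables.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

build_rules() {
    # Let replies for already-permitted connections flow both ways.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Permit new connections to the server only from the listed hosts.
    for src in $ALLOWED; do
        ipt -A FORWARD -i "$LAN_IF" -o "$SRV_IF" -s "$src" -d "$SERVER" -j ACCEPT
    done

    # Everything else routed towards the server is dropped. Rule order
    # matters: this must come after the ACCEPT rules above.
    ipt -A FORWARD -o "$SRV_IF" -d "$SERVER" -j DROP
}

build_rules
```

The rules only take effect because the server is on a different subnet from the clients; hosts left on 192.168.1.x still reach each other directly through the hub or switch.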