I'm afraid I do not have time to answer in depth today but I'll try to
point you in the right direction.

On Mon, 2004-12-27 at 11:38, Mike wrote:
> I've been looking through the monthly archives of this list, but I
> can't find the needle in the haystack. I saw this question answered
> before, and I'm hoping I'll see it again. :-)
>
> I have an old slackware routerbox that only has room for 2 nics.
> Right now there are two nics. in it and they are set up like so:
>
> eth0 --> Internet (Dynamic IP: Assigned by ISP)
> eth1 --> Lan (Gateway Interface: 192.168.1.1)
>
> I will soon be joining some computers from another LAN into the one
> mentioned above.
> I will need to set up security measures so that the new computers will
> not be hacked or viewed by the other users on the LAN.
>
> Even though I've only got one C-Class subnet (192.168.1.1 - 255), I
> want to create 2 or more "virtual" subnets to reside in this address
> range.
>
> How do I create the multiple subnets?

You can break them into distinct subnets with subnet masking and bind
multiple addresses to the same NIC using iproute2 (the "ip" command).

> Do I need to use route command or ipsec.?
> And what would the iptables rule look like, where Subnet "B" rejects
> all packets coming from Subnet "A"?
>
> Is this even close? ---
> $IPTABLES -t filter FORWARD -A -i eth1 -s 192.168.1.2/150
> --to-destination 192.168.1.151/253 -j DENY

You've got the basic idea but both your syntax and your grasp of some
fundamental issues seem weak. I would suggest a tour of Oskar
Andreasson's iptables tutorial (you can find the link on the netfilter
web site, http://www.netfilter.org). You can also find some slide shows
on using iptables and iproute2 in the training section of the ISCS
network security management project page at http://iscs.sourceforge.net
You may also want to brush up on subnet masking.

I apologize that this isn't a cookbook solution but it sounds like you
might be benefited by a little more information besides just the recipe.
Good luck - John

<snip>

--
John A. Sullivan III
Open Source Development Corporation
Financially sustainable open source development
http://www.opensourcedevel.com
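
The subnet masking and address binding described in the reply, as an added example that is not part of John's message or Mike's post. The interface eth1 and the 192.168.1.x range come from the thread; the /25 split, the gateway addresses .1 and .129, and the existing /24 mask on eth1 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. eth1 and 192.168.1.x come from the post; the /25 split,
# the gateway addresses and the existing /24 mask are assumptions.
LAN_IF=eth1
OLD_GW=192.168.1.1/24     # assumed current address on eth1
NET_A=192.168.1.0/25      # subnet A: hosts .1 to .126
NET_B=192.168.1.128/25    # subnet B: hosts .129 to .254
GW_A=192.168.1.1/25       # router address in subnet A
GW_B=192.168.1.129/25     # router address in subnet B

# Dotted quad -> integer, and back.
ip2int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of ADDR/BITS: the subnet ADDR falls in once the mask is applied.
# A mask can only cut on power-of-two boundaries, so a range such as
# .2 to .150 is not one subnet: network_of 192.168.1.150/25 is already B.
network_of() {
  addr=${1%/*}; bits=${1#*/}
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  echo "$(int2ip $(( $(ip2int "$addr") & mask )))/$bits"
}

# Print the commands instead of running them (dry run).
emit_commands() {
  if [ "$(network_of "$GW_A")" != "$NET_A" ] || [ "$(network_of "$GW_B")" != "$NET_B" ]; then
    echo "gateway address outside its subnet" >&2; return 1
  fi
  echo "ip addr del $OLD_GW dev $LAN_IF"
  echo "ip addr add $GW_A dev $LAN_IF"
  echo "ip addr add $GW_B dev $LAN_IF"
  # Replies to connections that B opened are still allowed back in.
  echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
  # New traffic from A to B is refused; both subnets sit behind eth1.
  echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $NET_A -d $NET_B -j REJECT"
}

emit_commands
```

Hosts in subnet A would use netmask 255.255.255.128 with gateway 192.168.1.1, and hosts in subnet B the same mask with gateway 192.168.1.129. Because both subnets share one wire, the FORWARD rule only filters traffic that is routed through the box; a host that changes its own address or mask can still reach the other group directly.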