[Firewall] Question

Gene Cooper gcooper at sonoracomm.com
Mon Oct 13 20:48:17 CEST 2014


Hi Morten,

You mean ETH1, right?

In previous situations, I have added simple firewall rules to block 
10.0.0.0/8 from 10.0.0.0/8.  You might need to specify source or 
destination interfaces, or whatever to make the rules more granular if 
you need to, but that will mean you need more rules.

Also, drop 192.168.0.0/24 from 10.0.0.0/8 plus 10.0.0.0/8 from 
192.168.0.0/24.

There's probably a better way and I'm no firewall expert, but it's 
simple and works.  If there is a better way, I'd like to know too.  ;-)

Thanks,

G

On 10/13/2014 08:05 AM, Morten wrote:
> Hi!
>
> I have six nics in a server that I will use as a firewall/router.
> They are set up like this:
>
> eth0: 192.168.1.0/24
> eth1: dhcp (external / internet)
> eth2: 10.0.0.0/24
> eth3: 10.0.1.0/24
> eth4: 10.0.2.0/24
> eth5: 10.0.3.0/24
> eth6: 10.0.4.0/24
>
> I don't want any of the internal networks to be able to reach each
> other, but they should be able to connect to the internet through eth2.
>
> How should I set up the configuration file correctly?
>
> Regards,
> Morten

-- 

===========================
Gene Cooper
Sonora Communications, Inc.
1215 E. Pennsylvania Street
Tucson, AZ 85714

(520)407-2000 x101
(520)888-4060 fax
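
The blocking rules described in the reply, written out as plain iptables commands. This is an added example, not part of the original thread and not Arno's iptables-firewall configuration syntax; it assumes eth1 is the external interface, takes the internal subnets from the question, and only prints the commands.

```shell
#!/bin/sh
# Added example: prints plain iptables commands for review; applies nothing.
# Assumption: eth1 is the external interface (the reply's reading).
EXT_IF="eth1"
# Internal interface=subnet pairs as listed in the question.
INTERNAL="eth0=192.168.1.0/24 eth2=10.0.0.0/24 eth3=10.0.1.0/24
eth4=10.0.2.0/24 eth5=10.0.3.0/24 eth6=10.0.4.0/24"

# Coarse variant: three supernet rules, no interface matching.
coarse_rules() {
    lan="192.168.1.0/24"    # eth0 subnet from the question
    echo "iptables -A FORWARD -s 10.0.0.0/8 -d 10.0.0.0/8 -j DROP"
    echo "iptables -A FORWARD -s $lan -d 10.0.0.0/8 -j DROP"
    echo "iptables -A FORWARD -s 10.0.0.0/8 -d $lan -j DROP"
}

# Granular variant: one DROP per ordered pair of internal interfaces.
granular_rules() {
    for src in $INTERNAL; do
        sif=${src%%=*}
        snet=${src#*=}
        for dst in $INTERNAL; do
            dif=${dst%%=*}
            if [ "$sif" = "$dif" ]; then continue; fi
            echo "iptables -A FORWARD -i $sif -o $dif -s $snet -j DROP"
        done
    done
}

# Internet access: appended after the DROPs so isolation is decided first.
egress_rules() {
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in $INTERNAL; do
        echo "iptables -A FORWARD -i ${src%%=*} -o $EXT_IF -s ${src#*=} -j ACCEPT"
    done
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE"
}

coarse_rules
granular_rules
egress_rules
```

The FORWARD chain only sees routed packets, so access from the internal networks to the firewall host itself is governed by INPUT, not by these rules. With the FORWARD policy set to DROP, traffic that matches none of the ACCEPT lines, including packets with an unexpected source address, is still discarded.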
