
I want to separate two networks (A+B) but still be able to use the internet (terminal-based access is sufficient) of network A from a device (PC running Arch Linux, let's call it "host pc") inside network B. I want to make sure that no clients/devices inside network A can communicate with clients/devices inside network B.

To realize this, my idea was to use an old PC with Arch Linux running on it. On this box ("host pc") I installed and configured an LXC container running Arch Linux as well. Network A can be accessed via Wi-Fi. I configured the Wi-Fi USB adapter on the host PC to run inside the container exclusively, thus creating a somewhat virtual machine. I can SSH into the host PC coming from network B and thus change into the container to access the internet of network A.

Networks A and B run on different subnets. I installed a firewall on the host PC and inside the container. On the host PC all incoming and outgoing traffic is denied (except SSH). On the container all incoming traffic is denied; outgoing traffic is allowed.

To better visualize my setup, I drew a rough schema:

[NETWORK A, Wifi AccessPoint, Internet Access, 192.168.0.0/24] <-wifi-> [{LXC Container, USB Wifi Adapter, 192.168.0.0/24} Host PC, 192.168.1.0/24] <-ethernet(ssh)-> [NETWORK B, 192.168.1.0/24]

So my question is: Is this enough protection? Does anybody see a flaw in my configuration leading to any traffic between network A and B? Obviously I didn't configure any sort of forwarding/NAT.

Highly appreciate any advice / suggestions.
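To make the described policy concrete and checkable, here is an added example (not the asker's configuration) of what "deny everything except SSH" on the host and "deny inbound, allow outbound" in the container look like as nftables rulesets, together with a small audit that the kernel is not forwarding packets between the two sides. The interface name `eth0`, SSH port 22 and the use of nftables are assumptions; the subnets are the ones from the question. The explicit `forward` chains with a drop policy add nothing the question does not already intend (no forwarding/NAT), they just make that intent enforced rather than implicit.

```shell
#!/bin/sh
# Added example, not the asker's own config. Interface name, SSH port and the
# choice of nftables are assumptions; subnets are taken from the question.

NET_B="192.168.1.0/24"   # network B, the side the host PC is reached from
SSH_PORT=22              # assumed
HOST_IF="eth0"           # assumed name of the host PC's ethernet interface

# Host PC ruleset: drop inbound and outbound by default, permit only new SSH
# sessions arriving from network B plus the reply traffic of those sessions.
host_ruleset() {
cat <<EOF
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif lo accept
    ct state established,related accept
    iifname "$HOST_IF" ip saddr $NET_B tcp dport $SSH_PORT ct state new accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
  }
  chain output {
    type filter hook output priority 0; policy drop;
    oif lo accept
    ct state established,related accept
  }
}
EOF
}

# Container ruleset: drop unsolicited inbound on the Wi-Fi side, allow outbound,
# and refuse to forward anything (the container must never act as a router).
container_ruleset() {
cat <<EOF
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif lo accept
    ct state established,related accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
  }
  chain output {
    type filter hook output priority 0; policy accept;
  }
}
EOF
}

# Audit helper: takes the contents of the kernel forwarding sysctls
# (/proc/sys/net/ipv4/ip_forward and /proc/sys/net/ipv6/conf/all/forwarding)
# and succeeds only if every one of them is "0", i.e. the host cannot route
# between A and B even if a firewall rule were accidentally loosened.
forwarding_disabled() {
  for v in "$@"; do
    [ "$v" = "0" ] || return 1
  done
  return 0
}

# Stand-alone run: print both rulesets (apply each with `nft -f` as root on the
# respective side) and, where /proc is available, audit the live sysctls.
host_ruleset
container_ruleset
if [ -r /proc/sys/net/ipv4/ip_forward ] && [ -r /proc/sys/net/ipv6/conf/all/forwarding ]; then
  if forwarding_disabled "$(cat /proc/sys/net/ipv4/ip_forward)" \
                         "$(cat /proc/sys/net/ipv6/conf/all/forwarding)"; then
    echo "ok: kernel forwarding is disabled for IPv4 and IPv6"
  else
    echo "warning: kernel forwarding is enabled; set both sysctls to 0"
  fi
fi
```

The point of the `forward` chains and the sysctl audit is that the question's isolation relies on the host PC never routing: a drop policy on `forward` plus `ip_forward=0` turns "I didn't configure forwarding" into a property you can verify after every reboot or package upgrade.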

Dave M
