
I have 4 different subnets that go into one Linux box that has Openswan and configured VPNs. On the Linux box I have configured one interface that is public and sub-interfaces that are private. For example:

eth0   - 1.1.1.1
eth0:0 - 192.168.0.1
eth0:1 - 192.168.1.1
etc...

And a PC from 192.168.0.1 can reach a PC that is on 192.168.1.1. I need to disable this type of communication. iptables is the answer, as far as I know, but I'm confused about how the rule should be implemented. Or if there is some other way to do it, that would be great.

IvanCD

1 Answer


It sounds like you are trying to use the wrong tool for the job. The proper tool to use for the job would be VLAN tagging.

You can use the vconfig command to configure different VLANs on the network interface. For example you can create eth0.1 with the command vconfig add eth0 1.

Using those instead of interface aliases, you can achieve real separation between the subnets. It requires a managed switch, though. I think what you are trying to do is impossible without a managed switch.

Once that is in place, you can use iptables rules to filter traffic between the subnets.

kasperd
  • Because I want to avoid downtime I was hoping to resolve this with iptables, but I guess I'll go with the VLAN configuration anyway ... thanks. – IvanCD Aug 08 '14 at 13:21
  • Hi, I need iptables rules for this purpose. I can't use VLANs in this scenario. Is there any way to do this? – IvanCD Oct 22 '14 at 11:42
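The iptables part of the answer, as an added example that is not from the question, the answer or the comments: a small script that generates FORWARD rules dropping routed traffic between the aliased private subnets. The subnet list (192.168.0.0/24 and 192.168.1.0/24, derived from the eth0:0 and eth0:1 addresses in the question), the chain name SUBNET_ISOLATION and the script file name are assumptions. The rules are printed as text by default so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not code from the question or the answer: an iptables rule set
# that drops routed traffic between the private subnets living as aliases on eth0.
# Assumed subnets (constructed from the question's eth0:0 / eth0:1 addresses):
SUBNETS="192.168.0.0/24 192.168.1.0/24"

# Print the iptables commands that isolate every ordered pair of subnets in $SUBNETS.
# Emitting them as text lets you review the rule set before anything is applied.
build_rules() {
    # A dedicated chain keeps the isolation rules apart from the rest of FORWARD
    # and makes the script safe to re-run (flush instead of duplicating rules).
    echo "iptables -N SUBNET_ISOLATION 2>/dev/null || iptables -F SUBNET_ISOLATION"
    # Replies of flows that some later, explicit exception rule has accepted stay
    # allowed; a cross-subnet flow never reaches ESTABLISHED because its first
    # packet is dropped below, so this does not weaken the isolation.
    echo "iptables -A SUBNET_ISOLATION -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in $SUBNETS; do
        for dst in $SUBNETS; do
            [ "$src" = "$dst" ] && continue
            # Rate-limited log line before the drop, so blocked attempts show up in the kernel log.
            echo "iptables -A SUBNET_ISOLATION -s $src -d $dst -m limit --limit 5/min -j LOG --log-prefix \"subnet-isolation: \""
            echo "iptables -A SUBNET_ISOLATION -s $src -d $dst -j DROP"
        done
    done
    # Jump into the chain at the top of FORWARD, and only once.
    echo "iptables -C FORWARD -j SUBNET_ISOLATION 2>/dev/null || iptables -I FORWARD 1 -j SUBNET_ISOLATION"
}

# Number of DROP rules in the generated set (one per ordered subnet pair).
count_drop_rules() {
    build_rules | grep -c -- '-j DROP'
}

case "${1:-print}" in
    apply) build_rules | sh ;;   # needs root: "sh isolate.sh apply" (file name assumed)
    *)     build_rules ;;        # default: only print the commands
esac
```

After applying, `iptables -L FORWARD -v -n` shows the chain and its packet counters; a rising counter on a DROP rule is the quickest sign that cross-subnet traffic is still being attempted. Two caveats: the rules only act on packets the Linux box actually routes (net.ipv4.ip_forward must be on for any of this traffic to exist), and because all the aliases share one physical segment, a host can bypass the box entirely by giving itself an address in the other subnet, which is exactly why the answer recommends VLANs for real separation.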