LinuxQuestions.org


teamchachi 05-10-2005 10:17 PM

Routing between internal subnets
 
My main subnet (192.168.10.0) contains all of my servers and the majority of my Windows desktops. I want to create a second subnet (192.168.20.0) for some Windows desktops that I want to control access to. Basically I want to be able to restrict which 192.168.10.0 Windows desktops can access the 192.168.20.0 subnet.

I'm hoping to set up a fairly minimal Linux machine with two NICs in order to route traffic between the subnets.

Eth0 address: 192.168.10.254
Eth1 address: 192.168.20.1

A few questions:
1) How do I go about getting traffic to route across the two NICs? I'm assuming that I need to write an IPTABLES rule to reject the IPs that I'm attempting to block.
2) I think that I need to set up a static route on my firewall (m0n0wall) to route traffic bound for 192.168.20.0 subnet to 192.168.10.254? Is this correct?
3) How do I set up the workstations in the 192.168.20.0 subnet? Do I set their network gateway to 192.168.20.1?

Thanks!

teamchachi 05-10-2005 10:32 PM

Okay, I've figured out the answer to question one. Looks like I need to turn on IP forwarding.

However, I'm still in the dark on questions 2 and 3...

Thanks

fr_laz 05-11-2005 07:21 AM

Hi

Question 2:
When you configure an interface, the corresponding static route is automatically added to the routing table, so you've got nothing to do except add a default route to your Internet gateway if your PC needs to go on the Internet.

Question 3:
Indeed, the gateway is the destination IP used for every packet that is not on your LAN. It must be 192.168.20.1 since it's the only link between your two subnets that is on the same LAN as your workstations.

Remark: Before using iptables, just make it work... The default iptables behaviour is to accept every packet, so configure the routing and the gateways, make it work, and only then restrict access through iptables... one problem at a time is enough!
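
Once routing works, the restriction asked about in the first post can be written as a default-drop FORWARD chain with a source allowlist. The script below is an added example, not code from any poster in this thread; it assumes /24 masks on both subnets, that the 192.168.20.0 hosts may open connections outward, and uses constructed allowlist addresses (192.168.10.21, 192.168.10.37).

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the eth0/eth1 router.
# Assumptions (not from the thread): /24 masks, the allowlisted host IPs.
# The router also needs forwarding on: sysctl -w net.ipv4.ip_forward=1

SRC_NET_PREFIX="192.168.10."   # eth0 side, assumed /24
DST_NET="192.168.20.0/24"      # eth1 side, assumed /24

# Succeeds only for a host address 192.168.10.1-254 in plain decimal, so a
# typo or extra text in the allowlist never ends up inside a rule.
valid_src_host() {
    case "$1" in
        "$SRC_NET_PREFIX"*) last=${1#"$SRC_NET_PREFIX"} ;;
        *) return 1 ;;
    esac
    case "$last" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#last}" -le 3 ] && [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# Usage: build_ruleset ALLOWED_IP...   (prints iptables-restore input)
build_ruleset() {
    for ip in "$@"; do
        valid_src_host "$ip" || { echo "bad allowlist entry: $ip" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD DROP [0:0]"     # anything not matched below is not routed
    echo ":OUTPUT ACCEPT [0:0]"
    # Replies to connections that were already allowed, in either direction.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Only allowlisted 192.168.10.x hosts may open connections into eth1.
    for ip in "$@"; do
        echo "-A FORWARD -i eth0 -o eth1 -s $ip -d $DST_NET -j ACCEPT"
    done
    # Assumed policy: the restricted subnet may still reach servers/Internet.
    echo "-A FORWARD -i eth1 -o eth0 -s $DST_NET -j ACCEPT"
    echo "COMMIT"
}

# Constructed allowlist; pipe into "iptables-restore --test" to syntax-check.
build_ruleset 192.168.10.21 192.168.10.37
```

Because the chain is stateful, a non-allowlisted 192.168.10.x host can still answer a connection opened from 192.168.20.0, but cannot start one.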

