The second network needs to be physically behind the server, and connected
to eth0. The server is then their default gateway. Then set up iptables
on the server, with a rule that lets them get to everything EXCEPT your
network, i.e. if your network is 192.168.1.0:

    iptables -A FORWARD -i eth0 -d 192.168.1.0/24 -j DROP

If your switch does VLANs, then you can do it without separate physical
connections and only one eth card in the server (with multiple VLAN
interfaces), which might be easier...
ray
On Thu, 12 May 2005, Dan Danese wrote:
> Hello.
>
> It's been a while since I have been on the list. How are things in nolug?
>
> Have a question that one of the networking experts might be able to answer.
>
> I have a current network that will be adding another one to itself on a
> different ip scheme.
>
> The path is Internet -> our router (internet gateway) -> our switch => our
> computers. This works.
>
> Now one of the computers on the network will be a server that hosts two
> interfaces. Eth1 is on our network where eth0 is going to be on another
> scheme. The second network needs to only be able to access their server and
> the internet. I do not want them to be able to access our network in
> general.
>
> How would I configure this? I have been looking at route and iptables. So
> far iptables looks like the best bet, but I can't seem to find a decent
> example that will explain it simply.
>
> The server with two interfaces (ie: client server) is Fedora Core 3.
>
>
> Thanks for the help
>
> Dan
-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean http://www.r-a-y.org
Systems Engineer Southeastern Louisiana University
IBM Certified Specialist AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
___________________
Nolug mailing list
nolug@nolug.org

Received on 05/12/05
This archive was generated by hypermail 2.2.0 : 12/19/08 EST
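
The DROP rule in the reply is appended with -A, and iptables stops at the first matching rule, so it only isolates the second network if no earlier FORWARD rule already accepts that traffic. The script below is an added example, not part of the original thread: a hypothetical check_isolation helper that audits `iptables -S FORWARD` output for this ordering problem, run here against constructed sample rule sets using the eth0 and 192.168.1.0/24 values from the reply.

```shell
#!/bin/sh
# Added example: audit `iptables -S FORWARD` output for the guest/LAN
# isolation rule. Comparison is textual: CIDR containment and negated ("!")
# matches are not evaluated.
# Usage: iptables -S FORWARD | check_isolation eth0 192.168.1.0/24
# Prints ok, shadowed or missing; returns 0 only for ok.
check_isolation() {
    awk -v gif="$1" -v lan="$2" '
    # Value following option opt in the current rule, or "" if absent.
    function arg(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    BEGIN { res = "missing" }
    $1 != "-A" || $2 != "FORWARD" { next }        # ignore -P and other chains
    {
        iface = arg("-i"); dst = arg("-d"); target = arg("-j")
        state = arg("--state"); if (state == "") state = arg("--ctstate")
        if (iface != "" && iface != gif) next     # other ingress interface
        if (dst != "" && dst != lan) next         # other destination
        if (state != "" && state !~ /NEW/) next   # reply traffic only
        # First rule that matches new guest-to-LAN traffic decides.
        if (target == "ACCEPT") { res = "shadowed"; exit }
        # A drop limited by protocol, source or egress interface leaves gaps.
        if ((target == "DROP" || target == "REJECT") &&
            arg("-p") == "" && arg("-s") == "" && arg("-o") == "") { res = "ok"; exit }
    }
    END { print res; exit (res != "ok") }
    '
}

# Constructed sample rule sets (not captured from a real host).
GOOD='-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -i eth0 -j DROP
-A FORWARD -i eth0 -j ACCEPT'
SHADOWED='-P FORWARD ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -i eth0 -j DROP'

for sample in "$GOOD" "$SHADOWED"; do
    printf '%s\n' "$sample" | check_isolation eth0 192.168.1.0/24 || true
done
```

If the result is "shadowed", inserting the DROP rule at the top of the chain with -I instead of -A puts it ahead of the accepting rule.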