Re: [Nolug] Routing question

From: Scott Harney <scotth_at_scottharney.com>
Date: Thu, 12 May 2005 12:19:17 -0500
Message-ID: <42839015.5070808@scottharney.com>

-ray wrote:
>
> The second network needs to be physically behind the server, and
> connected to eth0. The server is then their default gateway. Then
> setup iptables on the server, with a rule that lets them get to
> everything EXCEPT your network, i.e. if your network is 192.168.1.0:
>
> iptables -A FORWARD -i eth0 -d 192.168.1.0/24 -j DROP
>
> If your switch does vlans, then you can do it without separate physical
> connections and only one eth card in the server (with multiple vlan
> interfaces), which might be easier...
>

If the other network does not need to pass through (transit) your network via
this server for its internet connectivity then you need not enable IP
Forwarding (routing) at all. In other words, if eth1's network has a separate
path to the internet, then you can put the following in /etc/sysctl.conf:
   # Disables packet forwarding
   net.ipv4.ip_forward = 0

-- 
Scott Harney <scotth@scottharney.com>
"Asking the wrong questions is the leading cause of wrong answers"
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
___________________
Nolug mailing list
nolug@nolug.org
Received on 05/12/05
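The two approaches in this thread, ray's (forward for the second LAN but drop anything from eth0 aimed at 192.168.1.0/24) and Scott's (don't forward at all), written up as an added shell script. This is not code from either poster; the function names, the DRY_RUN switch and the use of `iptables -I FORWARD 1` instead of ray's `-A` are my choices. Inserting at position 1 matters in practice: if an earlier rule already ACCEPTs forwarded traffic from eth0, an appended DROP never gets evaluated. The script defaults to dry-run, printing the commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the thread): keep a second LAN on eth0 away from
# the primary LAN, following the two suggestions above.
# DRY_RUN=1 (the default) prints commands instead of running them, so the
# script is safe to execute on any host; set DRY_RUN=0 as root to apply.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Approach 1 (ray): the server is the second LAN's default gateway and
# forwards for it, but forwarded traffic entering on $1 and destined to
# the protected network $2 is dropped.
# Usage: isolate_with_forwarding eth0 192.168.1.0/24
isolate_with_forwarding() {
    iface="$1"
    protected="$2"
    run sysctl -w net.ipv4.ip_forward=1
    # Insert at the head of FORWARD so no earlier ACCEPT rule for $iface
    # can shadow the DROP (an appended -A rule could be bypassed that way).
    run iptables -I FORWARD 1 -i "$iface" -d "$protected" -j DROP
}

# Approach 2 (Scott): the second LAN has its own path to the internet,
# so the server should not route between its interfaces at all.
no_forwarding() {
    run sysctl -w net.ipv4.ip_forward=0
}

# Report the live forwarding state from /proc; prints "unknown" where the
# file is absent (non-Linux hosts), so callers can check the setting took.
forwarding_state() {
    f=/proc/sys/net/ipv4/ip_forward
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo unknown
    fi
}

# Example run (dry-run): show what each approach would execute.
isolate_with_forwarding eth0 192.168.1.0/24
no_forwarding
echo "current ip_forward: $(forwarding_state)"
```

After applying either approach for real, compare `forwarding_state` against what you intended and list the FORWARD chain with `iptables -L FORWARD -n -v --line-numbers` to confirm the DROP sits ahead of any ACCEPT rules. Remember that the rule only stops traffic arriving on eth0; hosts on 192.168.1.0/24 can still reach the second LAN through the server unless you add a matching rule for the other direction.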

This archive was generated by hypermail 2.2.0 : 12/19/08 EST