Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: belyache on October 04, 2006, 08:59:59 PM
Hi all:
I have been working on a basic routing problem that I am sure can be fixed through iptables. However, the issue is blocking 1 or multiple IP addresses. This seems simple but I can't find any good explanation of how to accomplish it.
This is what I need.
I have set a second IP address on the LAN card (I know it's not supported) and added the network as a local network. Now the tricky part. I want to block all access from the added network to the original network, except for the SME server (i.e. the SME LAN address).
So, these are the particulars.
eth0 = 192.168.10.1 255.255.255.0
eth0:0 = 10.0.10.1 255.255.255.0
local network added as:
IP = 10.0.10.0
MASK = 255.255.255.0
ROUTER = 192.168.10.1
Basically the eth0:0 is a quarantined network that is not supposed to be able to see the 192.168.10.0 network. But the iptables entry looks something like this:
chain local_chk_5763
accept all -- anywhere anywhere
accept all -- 192.168.10.0/24 anywhere
accept all -- 10.0.10.0/24 anywhere
I want the last 2 lines to basically do this (in my poor iptables language)
accept all 10.0.10.0/24 192.168.10.1/30 ---- I think the mask is right?
deny 10.0.10.0/24 192.168.10.0/24
Can anyone help?
Glenn
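
Added example, not part of the original post: a small Python model of first-match rule evaluation, applied to the chain listed above and to the two rules the post asks for, with the server address written as /30 and as /32. The hosts 10.0.10.5, 192.168.10.2 and 192.168.10.20 are constructed samples, DROP stands in for the post's "deny", and the model covers only source/destination matching, not how SME Server builds or traverses its chains.

```python
import ipaddress

ANY = "0.0.0.0/0"
QUARANTINE = "10.0.10.0/24"   # eth0:0 network from the post
LAN = "192.168.10.0/24"       # original network from the post
SERVER = "192.168.10.1"       # SME LAN address from the post


def covered_hosts(cidr):
    """Every address a CIDR matches; host bits are masked off, as iptables does."""
    return [str(a) for a in ipaddress.ip_network(cidr, strict=False)]


def first_match(rules, src, dst):
    """Return the target of the first rule matching src and dst (iptables order)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for target, rule_src, rule_dst in rules:
        if (s in ipaddress.ip_network(rule_src, strict=False)
                and d in ipaddress.ip_network(rule_dst, strict=False)):
            return target
    return "NO-MATCH"  # packet continues past this chain


# The chain as listed in the post: the first rule accepts everything,
# so the two rules after it are never reached.
listed = [("ACCEPT", ANY, ANY), ("ACCEPT", LAN, ANY), ("ACCEPT", QUARANTINE, ANY)]

# The two requested rules, server written as /30 (as in the post) and as /32.
# DROP is an assumption for "deny".
with_30 = [("ACCEPT", QUARANTINE, SERVER + "/30"), ("DROP", QUARANTINE, LAN)]
with_32 = [("ACCEPT", QUARANTINE, SERVER + "/32"), ("DROP", QUARANTINE, LAN)]

if __name__ == "__main__":
    print("/30 matches:", covered_hosts(SERVER + "/30"))
    print("/32 matches:", covered_hosts(SERVER + "/32"))
    # Constructed sample flows: (source, destination)
    flows = [("10.0.10.5", "192.168.10.1"),
             ("10.0.10.5", "192.168.10.2"),
             ("10.0.10.5", "192.168.10.20")]
    for name, rules in (("listed", listed), ("/30", with_30), ("/32", with_32)):
        for src, dst in flows:
            print(f"{name:7} {src} -> {dst}: {first_match(rules, src, dst)}")
```
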