Reply To: Isolate Subnet

#52436

redfive
Participant

If ETH01 is directly connected to the internet (PPPoE?), four simple rules in the forward chain, with DROP as default policy, should be enough for a start config.

1 ACCEPT  all  --  ETH00  *       192.168.1.0/24  0.0.0.0/0
2 ACCEPT  all  --  ETH03  !ETH00  192.168.2.0/24  0.0.0.0/0
3 ACCEPT  all  --  ETH03  ETH00   192.168.2.0/24  192.168.1.0/24  state RELATED,ESTABLISHED
4 ACCEPT  all  --  ETH01  *       0.0.0.0/0       192.168.0.0/22  state RELATED,ESTABLISHED

Default is DROP..
I have the firewall set to Accept-Forward ETH00 and ETH03 to 0.0.0.0/0 -> 0.0.0.0/0

And about ETH01?? Return traffic seems not allowed… are you using a proxy??
cheers
jonatha
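
Added illustration, not part of the post above: a simplified first-match model of the four FORWARD rules with a DROP default, run against constructed sample flows to show which directions they isolate. The sample addresses (192.168.1.10, 192.168.2.20, 203.0.113.5) and the function names are assumptions, and only the NEW, ESTABLISHED and RELATED states are modelled.

```python
import ipaddress

# The four FORWARD rules from the post: (in_if, out_if, source, destination, states).
# "*" matches any interface, a leading "!" negates, states=None matches any state.
RULES = [
    ("ETH00", "*",      "192.168.1.0/24", "0.0.0.0/0",      None),
    ("ETH03", "!ETH00", "192.168.2.0/24", "0.0.0.0/0",      None),
    ("ETH03", "ETH00",  "192.168.2.0/24", "192.168.1.0/24", {"RELATED", "ESTABLISHED"}),
    ("ETH01", "*",      "0.0.0.0/0",      "192.168.0.0/22", {"RELATED", "ESTABLISHED"}),
]
DEFAULT_POLICY = "DROP"

def if_match(spec, iface):
    """Match an interface against '*', 'NAME' or '!NAME'."""
    if spec == "*":
        return True
    if spec.startswith("!"):
        return iface != spec[1:]
    return iface == spec

def verdict(in_if, out_if, src, dst, state):
    """Return (target, rule_number); rule_number 0 means the default policy applied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num, (r_in, r_out, r_src, r_dst, r_states) in enumerate(RULES, 1):
        if (if_match(r_in, in_if) and if_match(r_out, out_if)
                and s in ipaddress.ip_network(r_src)
                and d in ipaddress.ip_network(r_dst)
                and (r_states is None or state in r_states)):
            return ("ACCEPT", num)
    return (DEFAULT_POLICY, 0)

# Constructed sample flows: (description, in_if, out_if, src, dst, conntrack state)
FLOWS = [
    ("LAN1 opens connection to LAN2",  "ETH00", "ETH03", "192.168.1.10", "192.168.2.20", "NEW"),
    ("LAN2 opens connection to LAN1",  "ETH03", "ETH00", "192.168.2.20", "192.168.1.10", "NEW"),
    ("LAN2 replies to LAN1",           "ETH03", "ETH00", "192.168.2.20", "192.168.1.10", "ESTABLISHED"),
    ("LAN2 opens connection to WAN",   "ETH03", "ETH01", "192.168.2.20", "203.0.113.5",  "NEW"),
    ("WAN replies to LAN2",            "ETH01", "ETH03", "203.0.113.5",  "192.168.2.20", "ESTABLISHED"),
    ("WAN opens connection to LAN1",   "ETH01", "ETH00", "203.0.113.5",  "192.168.1.10", "NEW"),
]

if __name__ == "__main__":
    for label, *pkt in FLOWS:
        target, rule = verdict(*pkt)
        print(f"{label:32} -> {target} (rule {rule or 'default'})")
```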