August 26, 2012 at 11:20 am
Without a rule to permit the return traffic, only HTTP traffic will be allowed, thanks to the HTTP proxy, but HTTPS traffic will be denied. The 192.168.0.0/22 is a manually summarized network, or supernet (the /22 mask is wider than the /24 class C default mask), and the rule
4 ACCEPT all -- ETH01 * 0.0.0.0/0 192.168.0.0/22 state RELATED,ESTABLISHED
will permit the return traffic to .0.0, .1.0, .2.0 and .3.0. Obviously, having only the .1.0 and .2.0 networks, you can replace the previous rule (#4) with these:
4 ACCEPT all -- ETH01 ETH00 0.0.0.0/0 192.168.1.0/24 state RELATED,ESTABLISHED
5 ACCEPT all -- ETH01 ETH03 0.0.0.0/0 192.168.2.0/24 state RELATED,ESTABLISHED
Also, adding some rules in the INPUT chain would not be a bad idea.
cheers
jonatha
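To see what the /22 supernet rule lets through compared with the two per-LAN /24 rules above, here is a small Python model of the FORWARD-chain evaluation (an added example, not ZeroShell code or the poster's). The interface names follow the post; the state labels mimic what conntrack attaches to each packet, and the third LAN interface (ETH02), the public address 203.0.113.10 and the packets themselves are constructed for the illustration.

```python
"""Model of the FORWARD-chain return-traffic rules discussed in the post.
Assumed: first matching ACCEPT rule wins, chain policy is DROP, and the
packet's conntrack state is already known (NEW, ESTABLISHED or RELATED)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    in_iface: str
    out_iface: str
    src: str
    dst: str
    state: str  # label conntrack would give this packet


@dataclass(frozen=True)
class Rule:
    in_iface: str   # "*" matches any interface, as in the iptables listing
    out_iface: str
    src: str        # CIDR, e.g. "0.0.0.0/0"
    dst: str
    states: frozenset


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.in_iface in ("*", pkt.in_iface)
            and rule.out_iface in ("*", pkt.out_iface)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and pkt.state in rule.states)


def forward(rules, pkt: Packet, policy: str = "DROP") -> str:
    """Return the verdict of the first matching rule, or the chain policy."""
    for rule in rules:
        if matches(rule, pkt):
            return "ACCEPT"
    return policy


RET = frozenset({"RELATED", "ESTABLISHED"})
# Rule #4 as posted: one supernet covering 192.168.0.0 through 192.168.3.255
SUPERNET = [Rule("ETH01", "*", "0.0.0.0/0", "192.168.0.0/22", RET)]
# The narrowed replacement: one rule per real LAN, pinned to its interface
PER_LAN = [Rule("ETH01", "ETH00", "0.0.0.0/0", "192.168.1.0/24", RET),
           Rule("ETH01", "ETH03", "0.0.0.0/0", "192.168.2.0/24", RET)]

# Constructed sample packets arriving from the Internet side (ETH01)
HTTPS_REPLY_LAN1 = Packet("ETH01", "ETH00", "203.0.113.10", "192.168.1.5", "ESTABLISHED")
HTTPS_REPLY_LAN3 = Packet("ETH01", "ETH02", "203.0.113.10", "192.168.3.7", "ESTABLISHED")
UNSOLICITED_SYN = Packet("ETH01", "ETH00", "203.0.113.10", "192.168.1.5", "NEW")
```

With the /22 rule a reply addressed to 192.168.3.7 is forwarded even though no such LAN exists; with the per-LAN rules it falls through to the DROP policy, and an unsolicited NEW packet is dropped under both.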