Reply To: Isolate Subnet


#52438

redfive
Participant

Without a rule to permit the return traffic, only HTTP traffic will be allowed, thanks to the HTTP proxy, but HTTPS traffic will be denied… The 192.168.0.0/22 is a manually summarized network, or supernet (the /22 mask is wider than the /24 class C default mask), and the rule

4 ACCEPT     all  --  ETH01  *       0.0.0.0/0             192.168.0.0/22    state RELATED,ESTABLISHED

will permit the return traffic to 0.0, 1.0, 2.0 and 3.0. Obviously, having only the 1.0 and 2.0 networks, you can replace the previous rule (#4) with these:

4 ACCEPT     all  --  ETH01  ETH00   0.0.0.0/0             192.168.1.0/24    state RELATED,ESTABLISHED
5 ACCEPT     all  --  ETH01  ETH03   0.0.0.0/0             192.168.2.0/24    state RELATED,ESTABLISHED

Also, adding some rules in the INPUT chain would not be a bad idea.
cheers
jonatha
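The following is an added example, not code from the post above or from ZeroShell: a small model of how the quoted FORWARD-chain rules are evaluated, so the difference between the single /22 rule and the two per-interface /24 rules can be checked offline. The interface names, subnets and rule numbers are taken from the post; the `Rule` class, the `forward_verdict` helper, the DROP chain policy and the sample return packets (with a source address from the 203.0.113.0/24 documentation range) are assumptions constructed for the demonstration.

```python
"""Added example (not from the forum post): a minimal model of how the
quoted FORWARD rules match return traffic. Only the destination network,
the in/out interfaces and the conntrack state are modelled."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    num: int
    target: str
    in_if: str           # "*" matches any interface, as in iptables -L output
    out_if: str
    src: str             # CIDR; 0.0.0.0/0 means any source
    dst: str
    states: frozenset    # conntrack states the rule matches

    def matches(self, pkt):
        return (
            self.in_if in ("*", pkt["in_if"])
            and self.out_if in ("*", pkt["out_if"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and pkt["state"] in self.states
        )


RETURN = frozenset({"RELATED", "ESTABLISHED"})

# Rule #4 as quoted in the post: one /22 supernet for all four /24s
SUPERNET_RULES = [
    Rule(4, "ACCEPT", "ETH01", "*", "0.0.0.0/0", "192.168.0.0/22", RETURN),
]

# The replacement rules #4 and #5: one /24 per LAN interface
PER_SUBNET_RULES = [
    Rule(4, "ACCEPT", "ETH01", "ETH00", "0.0.0.0/0", "192.168.1.0/24", RETURN),
    Rule(5, "ACCEPT", "ETH01", "ETH03", "0.0.0.0/0", "192.168.2.0/24", RETURN),
]


def forward_verdict(rules, pkt, policy="DROP"):
    """First matching rule wins, as in iptables; otherwise the chain policy.
    The DROP policy is an assumption for this model."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy


def return_packet(dst, out_if, state="ESTABLISHED"):
    # Constructed sample: a reply arriving from the WAN side (ETH01),
    # source address taken from the 203.0.113.0/24 documentation range.
    return {"in_if": "ETH01", "out_if": out_if,
            "src": "203.0.113.10", "dst": dst, "state": state}


def supernet_span():
    """The /24 networks actually covered by the /22 in rule #4."""
    return [str(n) for n in ipaddress.ip_network("192.168.0.0/22").subnets(new_prefix=24)]


if __name__ == "__main__":
    print("192.168.0.0/22 covers:", ", ".join(supernet_span()))
    for label, rules in (("/22 rule", SUPERNET_RULES), ("per-/24 rules", PER_SUBNET_RULES)):
        for dst, out_if in (("192.168.1.20", "ETH00"), ("192.168.2.20", "ETH03"),
                            ("192.168.2.20", "ETH00"), ("192.168.3.7", "ETH00")):
            print(f"{label:14} {dst:14} via {out_if}: "
                  f"{forward_verdict(rules, return_packet(dst, out_if))}")
```

The model shows why the post calls the /22 a supernet: the single rule accepts replies to 192.168.3.x even though no such LAN exists, whereas the per-interface /24 rules accept a reply only when both its destination network and its outgoing interface match, and a NEW packet matches neither set because it is not a RELATED or ESTABLISHED return.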