Separating two networks

networking iptables router

I have two routers, R1 and R2.

  • R1 (a stock linksys router running dd-wrt) is connected to internet and is serving internet to a network of 5 devices/PCs running a DHCP server, with a network of 192.168.1.0/24. R1 also serves internet services to R2.

  • R2 (a ubuntu server 12.04) gets internet from R1. R2 has 3 PCs attached to it, runs a DHCP server with a network of 172.22.22.0/24.

My requirement is that the clients on both sides should not talk to each other at all – with the exception that R1 clients may access the R2 router through its IP of 192.168.1.x.

At the moment, R2 clients are able to ping R1 clients, which is unacceptable, whereas R1 clients cannot ping R2 clients, which is OK.

I believe iptables could be set up but I don't know how.


Solution 1:

This should work:

Router R1

iptables -t filter -A FORWARD -s 192.168.1.0/24 -d 172.2.22.0/24 -j DROP

Router R2

iptables -t filter -A FORWARD -d 192.168.1.0/24 -j DROP

For reference, see the iptables flowchart.

Related

Modify a large file, then be able to rollback changes doing it (almost) inplace
saving sessions on Chrome [closed]
Customizing device installation settings
MS Word: How do I format all change tracked text at once?
Modifying the Path environment variable is not working
Computer crashes every 2 to 10 minutes [duplicate]
How do I stop Notepad++ taking back file associations?
How to map “shift” key to “shift” + “capslock” using AutoHotkey?
How to tell Windows 7 NOT to search for LAN printers on start-up?
sklearn and large datasets
Run app in iOS 6 Simulator in Xcode 6
Difference between tsconfig.json and tsconfig.app.json files in Angular