Separating two networks
I have two routers, R1 and R2.
R1 (a stock Linksys router running DD-WRT) is connected to the internet and serves internet to a network of 5 devices/PCs, running a DHCP server with a network of 192.168.1.0/24. R1 also serves internet to R2. R2 (an Ubuntu 12.04 server) gets internet from R1. R2 has 3 PCs attached to it and runs a DHCP server with a network of 172.22.22.0/24.
My requirement is that the clients on both sides should not talk to each other at all, with the exception that R1 clients may access the R2 router through its IP of 192.168.1.x.
At the moment, R2 clients are able to ping R1 clients, which is unacceptable, whereas R1 clients cannot ping R2 clients, which is OK.
I believe iptables could be set up but I don't know how.
Solution 1:
This should work:
Router R1
iptables -t filter -A FORWARD -s 192.168.1.0/24 -d 172.22.22.0/24 -j DROP
Router R2
iptables -t filter -A FORWARD -d 192.168.1.0/24 -j DROP
For reference, see the iptables flowchart.
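As an added example that is not part of the original question or answer, the POSIX shell script below assembles the separation rules for each router and applies them idempotently (it uses `iptables -C` to test whether a rule already exists before appending it, so re-running the script does not stack duplicate rules). It adds two things the answer does not show: a rate-limited LOG rule on R2 so that blocked attempts from the 172.22.22.0/24 side show up in the kernel log, and an INPUT rule on R2 that keeps the one permitted path (R1 clients reaching R2 itself on its 192.168.1.x address) open even if R2's INPUT policy is DROP. The interface names `eth0` (R2's side facing R1) and `eth1` (R2's side facing its three PCs) are assumptions; adjust them to the real interfaces. Set `DRY_RUN=1` to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not code from the original post. Run as "sh separate.sh r1"
# on R1 or "sh separate.sh r2" on R2; with DRY_RUN=1 it only prints the rules.

R1_LAN=192.168.1.0/24      # R1's client network (from the question)
R2_LAN=172.22.22.0/24      # R2's client network (from the question)
R2_WAN_IF=eth0             # ASSUMPTION: R2 interface that connects to R1
R2_LAN_IF=eth1             # ASSUMPTION: R2 interface that serves its 3 PCs
: "${DRY_RUN:=0}"

# Append a rule to table/chain only if an identical rule is not already present.
# "iptables -C" (available since iptables 1.4.11) exits 0 when the rule exists.
ensure_rule() {
    table=$1
    chain=$2
    shift 2
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables -t $table -A $chain $*"
    elif ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        iptables -t "$table" -A "$chain" "$@"
    fi
}

# R1 (DD-WRT): refuse to forward traffic between the two client networks in
# either direction. This does not touch R1 clients reaching R2's own
# 192.168.1.x address, which is inside R1_LAN and never matches these rules.
r1_rules() {
    ensure_rule filter FORWARD -s "$R1_LAN" -d "$R2_LAN" -j DROP
    ensure_rule filter FORWARD -s "$R2_LAN" -d "$R1_LAN" -j DROP
}

# R2 (Ubuntu): log, then drop, anything an R2 client sends toward the R1 LAN.
# Internet-bound traffic has destinations outside 192.168.1.0/24 and is still
# forwarded, so the R2 clients keep their internet access.
r2_rules() {
    ensure_rule filter FORWARD -i "$R2_LAN_IF" -s "$R2_LAN" -d "$R1_LAN" \
        -m limit --limit 5/min -j LOG --log-prefix R2toR1-blocked:
    ensure_rule filter FORWARD -i "$R2_LAN_IF" -s "$R2_LAN" -d "$R1_LAN" -j DROP
    # The single permitted exception: R1 clients may talk to R2 itself.
    ensure_rule filter INPUT -i "$R2_WAN_IF" -s "$R1_LAN" -j ACCEPT
}

# Apply only when a router name is given; without an argument the script just
# defines the functions (useful when sourcing it for testing).
case "${1:-}" in
    r1) r1_rules ;;
    r2) r2_rules ;;
esac
```

Rule order matters: the LOG rule must come before the DROP rule, because a DROP target ends traversal of the chain. After applying, `iptables -t filter -L FORWARD -v -n` shows packet counters on the DROP rule climbing whenever an R2 client tries to reach the 192.168.1.0/24 side, and `dmesg` shows the `R2toR1-blocked:` entries, which is a quick way to confirm the separation is doing what the question asks.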