Hi,

First of all, you cannot do that. It's impossible to have the same subnet on two different network interfaces and make them communicate. What I'd suggest is that you block DHCP packets with the firewall, create your own internal DHCP, and assign a different subnet to each network (NET_A = 192.168.1.0/24 and NET_B = 192.168.2.0/24).

You need to set a default route on both sides that points to the firewall interface (e.g. eth0:192.168.1.1 and eth1:192.168.2.1).

After that you will be able to filter traffic with shorewall.

This is not a limitation of shorewall nor iptables. This is how IP works.



hOZONE <[EMAIL PROTECTED]> wrote:

>
>
> Simon Hobson wrote:
>> hOZONE wrote:
>>
>>
>>> I have to create two separate networks (NET_A and NET_B), using
>>> the same router.
>>> PCs on NET_A cannot communicate with PCs on NET_B, and NET_B cannot
>>> communicate with PCs on NET_A.
>>> NET_A and NET_B should have the same subnet.
>>>
>>>
>>> My aim is not to "bridge", but to make two networks with the same subnet.
>>> eth0 should act as the wifi router (192.168.1.1) of NET_A.
>>> shorewall should act as a gateway.
>>>
>>
>> You can do that by running the firewall as a bridge - but all  
>> addresses have to be unique. You can control traffic between  
>> physical nets with policies and rules - but you will have to  
>> carefully manage broadcast traffic to make the two sides invisible  
>> to each other.
>>
>> But you haven't said WHY you want to do this, it's a far from ideal  
>> configuration.
>>
>>
> It's for an architect.
> He has two offices (let's call them NET_A and NET_B), max 10 PCs per office.
> The internet gateway is 192.168.1.1 with DHCP (192.168.1.100 to
> 192.168.1.250) and it is "closed" by the ISP vendor, so it must have
> this address.
> There is one server (192.168.1.3) which must be visible in office A.
> PCs in office NET_A should not see the PCs of operators in office NET_B,
> and vice versa.
> All PCs have Win XP.
>
> NET_A can browse the internet because it is connected to the router.
> If I run shorewall as a bridge, can I DROP all traffic from NET_A to
> NET_B, and from NET_B to NET_A, except traffic from NET_B to
> 192.168.1.1 (because I want PCs in NET_B to browse the internet)?
>
> router (192.168.1.1)
>
>   |-> eth1 (192.168.1.99) - shorewall bridge - eth0 (192.168.1.???)
> <-> NET_B (192.168.1.0/24)
>   |-> NET_A (192.168.1.0/24)
>   |-> + server (192.168.1.3)
>
> p.s. sorry but my English is poor.
>
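The routed design that the reply at the top proposes, written out as an added example; this is not configuration from the list thread or from the Shorewall project. It assumes a Shorewall 4.x file layout, a third interface (eth2) toward the ISP router on a subnet of its own, and dnsmasq as the internal DHCP server. The office interfaces and subnets follow the reply (eth0 = NET_A 192.168.1.0/24, eth1 = NET_B 192.168.2.0/24); the eth2 link, the masq entry, the DHCP ranges and the zone names are assumptions.

```text
# Added example configuration (not from the thread). Assumes Shorewall 4.x,
# a third interface eth2 toward the ISP router, and dnsmasq as the internal
# DHCP server. Shorewall zone names were limited to five characters in this
# era, so the two offices are "locA" and "locB".

# ---- /etc/shorewall/zones ----
#ZONE   TYPE
fw      firewall
net     ipv4
locA    ipv4
locB    ipv4

# ---- /etc/shorewall/interfaces ----
# "dhcp" lets the firewall serve DHCP on that interface; it is NOT set on
# eth2, so the ISP router's DHCP offers stop at the firewall.
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth2        detect      tcpflags,nosmurfs,routefilter
locA    eth0        detect      dhcp,tcpflags,nosmurfs,routefilter
locB    eth1        detect      dhcp,tcpflags,nosmurfs,routefilter

# ---- /etc/shorewall/policy ----
# First match wins: each office reaches the Internet, neither office
# reaches the other, and unsolicited traffic from the net side is dropped
# and logged.
#SOURCE DEST    POLICY  LOG LEVEL
$FW     all     ACCEPT
locA    net     ACCEPT
locB    net     ACCEPT
locA    locB    DROP    info
locB    locA    DROP    info
net     all     DROP    info
all     all     REJECT  info

# ---- /etc/shorewall/rules ----
# A routed firewall never forwards the router's DHCP broadcasts anyway;
# this rule records the intent and logs any unicast DHCP that does arrive.
#ACTION     SOURCE  DEST    PROTO   DEST PORT(S)
DROP:info   net     all     udp     67,68

# ---- /etc/shorewall/masq ----
# Assumption: the ISP router knows nothing about the office subnets, so
# both are source-NATed behind the firewall's eth2 address.
#INTERFACE  SOURCE
eth2        192.168.1.0/24,192.168.2.0/24

# ---- /etc/dnsmasq.conf (internal DHCP; ranges are constructed values) ----
# dnsmasq selects the range from the subnet of the interface a request
# arrives on and advertises that interface's own address (192.168.1.1 or
# 192.168.2.1) as the default gateway, which gives each office the default
# route toward the firewall that the reply describes.
interface=eth0
interface=eth1
dhcp-range=192.168.1.100,192.168.1.250,12h
dhcp-range=192.168.2.100,192.168.2.250,12h
```

The isolation between the offices comes entirely from the two DROP policies; because Shorewall tests policies in order, they must appear before the `all all REJECT` line. After editing, `shorewall check` validates the files and `shorewall restart` applies them.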


_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
