August 25, 2012 at 4:40 pm
#52436
Participant
If ETH01 is directly connected to the internet (PPPoE?), four simple rules in the forward chain, with DROP as the default policy, should be enough for a start config.
1 ACCEPT all -- ETH00 * 192.168.1.0/24 0.0.0.0/0
2 ACCEPT all -- ETH03 !ETH00 192.168.2.0/24 0.0.0.0/0
3 ACCEPT all -- ETH03 ETH00 192.168.2.0/24 192.168.1.0/24 state RELATED,ESTABLISHED
4 ACCEPT all -- ETH01 * 0.0.0.0/0 192.168.0.0/22 state RELATED,ESTABLISHED
Default is DROP.
I have the firewall set to Accept-Forward ETH00 and ETH03 to 0.0.0.0/0 -> 0.0.0.0/0
And about ETH01? Return traffic seems not allowed… are you using a proxy?
cheers
jonatha
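As an added example (not part of the original post, and not ZeroShell code), the four FORWARD rules above can be checked with a small first-match evaluator to confirm which flows the rule set permits. It models only interface, address and connection-state matching, which is a simplification of netfilter; the sample flows and host addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    in_if: str
    out_if: str                      # "*" = any, "!X" = any interface except X
    src: str
    dst: str
    states: frozenset = frozenset()  # empty set = rule has no state match

EST = frozenset({"RELATED", "ESTABLISHED"})
# The four rules from the post, in order; the default policy is DROP.
RULES = [
    Rule("ETH00", "*", "192.168.1.0/24", "0.0.0.0/0"),
    Rule("ETH03", "!ETH00", "192.168.2.0/24", "0.0.0.0/0"),
    Rule("ETH03", "ETH00", "192.168.2.0/24", "192.168.1.0/24", EST),
    Rule("ETH01", "*", "0.0.0.0/0", "192.168.0.0/22", EST),
]

def _if_match(pattern, name):
    if pattern == "*":
        return True
    if pattern.startswith("!"):
        return name != pattern[1:]
    return name == pattern

def _in_net(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def verdict(in_if, out_if, src, dst, state):
    """Return (verdict, rule number); rule number 0 means the default policy."""
    for n, r in enumerate(RULES, 1):
        if (_if_match(r.in_if, in_if) and _if_match(r.out_if, out_if)
                and _in_net(src, r.src) and _in_net(dst, r.dst)
                and (not r.states or state in r.states)):
            return "ACCEPT", n
    return "DROP", 0

if __name__ == "__main__":
    # Constructed sample flows: (in, out, source, destination, conntrack state)
    flows = [
        ("ETH03", "ETH00", "192.168.2.10", "192.168.1.5", "NEW"),
        ("ETH00", "ETH03", "192.168.1.5", "192.168.2.10", "NEW"),
        ("ETH03", "ETH00", "192.168.2.10", "192.168.1.5", "ESTABLISHED"),
        ("ETH03", "ETH01", "192.168.2.10", "203.0.113.7", "NEW"),
        ("ETH01", "ETH03", "203.0.113.7", "192.168.2.10", "ESTABLISHED"),
        ("ETH01", "ETH00", "203.0.113.7", "192.168.1.5", "NEW"),
    ]
    for f in flows:
        print(f, "->", verdict(*f))
```

The first flow shows the isolation: a new connection from 192.168.2.0/24 toward 192.168.1.0/24 matches no rule and falls to the DROP policy, while replies to connections opened from the 192.168.1.0/24 side match rule 3.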