Specific rules and access policies for subnets
Posted: Thu Feb 04, 2021 11:04 am
Hi,
I have a VPN network 10.8.0.0 255.255.248.0. It has 8 subnets: from 10.8.0.0 to 10.8.7.0
For now, every client from any of these subnets can reach any other client from any other subnet. I would like only clients from 10.8.1.0 to be able to reach the clients from the other subnets.
I read the documentation and I understand the solution is to disable client-to-client and add rules in iptables.
Example:
iptables -A FORWARD -i tun0 -s 10.8.1.0/24 -d 10.8.3.0/24 -j ACCEPT
iptables -A FORWARD -i tun0 -s 10.8.3.0/24 -d 10.8.1.0/24 -j DROP
I have a few questions.
Will this solution work, or does it need something in addition?
Would it be better to choose 10.8.0.0 as my "privileged" subnet, considering that the server is 10.8.0.1?
Regards,
Paul
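A fuller version of the rule set sketched in the post, added here as an example and not part of the original thread. It assumes tun0 is the OpenVPN interface, a 10.8.0.0/21 VPN with 10.8.1.0/24 as the privileged subnet, and client-to-client disabled in the server config so that inter-client packets pass through the kernel FORWARD chain (tun0 in, tun0 out). The ACCEPT/DROP pair in the post is stateless, so replies from 10.8.3.0/24 back to 10.8.1.0/24 would be dropped on the return path; the example adds a conntrack rule for that and ends with a default DROP so the policy does not depend on listing every subnet pair. The chain name VPN_FWD and the apply/dry-run switch are the example's own choices.

```shell
#!/bin/sh
# Added example (not from the original post): FORWARD policy for a
# 10.8.0.0/21 VPN in which only 10.8.1.0/24 may initiate connections to
# clients in the other subnets. Assumes client-to-client is commented out
# in the OpenVPN server config, otherwise OpenVPN switches inter-client
# traffic internally and these rules are never consulted. Traffic to the
# server itself (10.8.0.1) goes through INPUT/OUTPUT, not FORWARD, so it
# is unaffected. Set IPT=echo (or use "dry-run") to inspect the rules.
IPT="${IPT:-iptables}"
VPN_IF="tun0"
VPN_NET="10.8.0.0/21"
PRIV_NET="10.8.1.0/24"

vpn_forward_policy() {
    # Dedicated chain: reloadable without disturbing the rest of FORWARD
    "$IPT" -N VPN_FWD 2>/dev/null || "$IPT" -F VPN_FWD
    # Hand every client-to-client packet (tun0 in, tun0 out) to the chain;
    # delete a stale jump first so repeated runs do not duplicate it
    "$IPT" -D FORWARD -i "$VPN_IF" -o "$VPN_IF" -j VPN_FWD 2>/dev/null
    "$IPT" -A FORWARD -i "$VPN_IF" -o "$VPN_IF" -j VPN_FWD
    # Replies to connections the privileged subnet opened. Without this the
    # stateless DROP from the post discards the return packets.
    "$IPT" -A VPN_FWD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only the privileged subnet may open new connections to other clients
    "$IPT" -A VPN_FWD -s "$PRIV_NET" -d "$VPN_NET" -m conntrack --ctstate NEW -j ACCEPT
    # Everything else between clients: rate-limited log for visibility, then drop
    "$IPT" -A VPN_FWD -m limit --limit 5/min -j LOG --log-prefix "VPN_FWD_DROP: "
    "$IPT" -A VPN_FWD -j DROP
}

# Usage:  sh vpn_fwd.sh dry-run   (print the rules)
#         sudo sh vpn_fwd.sh apply (install them)
case "${1:-}" in
    apply)   vpn_forward_policy ;;
    dry-run) IPT=echo; vpn_forward_policy ;;
esac
```

The rule order matters: the ESTABLISHED,RELATED rule must precede the NEW rule, and the final DROP must stay last. With the default drop in place, a client in 10.8.3.0/24 cannot open anything towards 10.8.1.0/24 or any other client subnet, while the privileged subnet still receives answers to the connections it initiates.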