OneAboveAll DD-WRT Novice
Joined: 17 Apr 2014 Posts: 1
Posted: Thu Apr 17, 2014 7:26 Post subject: Hypothetical Networking Question - iptables configurations
Hi all,
I hope your day is going well.
I have a question regarding my network :-
1. My network consists of :-
a) 1 Asus 4-port broadband router (also DHCP server), which also acts as gateway
b) 1 network 8-port switch, which is connected to 1 of the 4 Asus router ports
c) 3 Windows 8 PCs connected to the switch's ports. PC-A, PC-B, PC-C are connected to the 8-port switch.
IP of PC-A - 192.168.0.20
IP of PC-B - 192.168.0.21
IP of PC-C - 192.168.0.23
IP of router - 192.168.0.1
2. Questions :-
a) I want PC-A to only be able to talk to PC-B and the router and the internet. If I issue the iptables command on the router so that PC-A can only see PC-B, it cannot communicate with any other entity on the network. It can only communicate with PC-B, communicate with the router and the internet. Will it work? Because PC-A is connected to an 8-port switch, which in turn connects to the router, and the other 2 PCs are also connected to this same switch, will the switch allow PC-A to see and communicate with the other 2 PCs on the switch even with the iptables configuration on the Asus router?
b) How about if I connect PC-A to 1 of the router's 4 ports and then connect the other 2 PCs to the switch? Will PC-A be able to see the other 2 PCs on the switch?
c) What iptables command do I have to issue on the Asus router so that PC-A cannot talk to any PC or entity on the network? PC-A can only talk to PC-B and also communicate with the internet.
d) If PC-A has a virus, does this mean that, because of the iptables configuration, it won't be able to infect any other entity on the network? It can possibly only infect PC-B and nothing else. Is this the case?
e) So what iptables command do I have to issue on the Asus router so that PC-A cannot talk to any PC or entity on the network? PC-A can only talk to PC-B and also communicate with the internet.
f) Now fast forward a little bit: what if I do not want PC-A to communicate with the internet? PC-A can only communicate with PC-B. It cannot talk to PC-C or any other entity on the network. It cannot talk to the router. It cannot talk to the internet.
g) Now what iptables command do I have to issue on the router to form the above network configuration/rule? If PC-A has a virus, it can possibly infect PC-B. But will it be able to infect PC-C or any other entity on the network, including the router, even with the iptables config/rule on the router?
Thank You !!!