Router1 is the gateway for another router (router2).
Router1 has a 10.0.0.1/8 LAN network to which router2 is attached. 10.0.0.1 is obviously the bridge IP address of the LAN as well as the assigned gateway IP for router2.
Router1 has the following rule, which successfully blocks every attempt from router2 to reach a destination other than 10.0.0.1 (router1's own IP), **but unfortunately only if router2 is using 10.0.0.1 as its gateway**:

```
iptables -t raw -I PREROUTING ! -d 10.0.0.1 -j DROP
```
The problem is: if I change the gateway of router2 from 10.0.0.1 to 10.22.22.1 and use DHCP to obtain an IP address, or manually set 10.22.22.22/24 (for example), router2 is able to access the internet through router1!? This is strange to me because the above rule is very clear.
What rule should I apply to block router2's internet access and allow access only to the gateway, 10.0.0.1/8?
(The /8 network is absolutely needed for the LAN; also, I need raw table commands only.)
Asked by Svetoslav
(13 rep)
Jun 6, 2023, 02:13 PM
Last activity: Jun 7, 2023, 12:37 AM
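To make explicit what the matches in the posted rule do, the following is an added example, not code from the question or from any answer to it. It models an iptables raw/PREROUTING chain with first-match-wins evaluation and only the `-i`, `-d` and `! -d` matches, and compares the rule as posted with the same rule scoped to the LAN bridge. The interface names (`br-lan`, `eth0.2`), router1's WAN address (203.0.113.5) and the internet host (198.51.100.10) are assumptions; the sample packets are constructed. The model does not reproduce the leak described in the question: a packet from 10.22.22.22 to an internet address arriving on the LAN bridge is matched and dropped by the posted rule as written, whatever gateway router2 is configured with.

```python
# Added example (not from the question): a small model of how an iptables
# raw/PREROUTING chain evaluates packets with first-match-wins semantics,
# used to compare the rule from the question with an interface-scoped variant.
# Interface names (br-lan, eth0.2) and the WAN addresses are assumptions;
# only the -i / -d / ! matches are modelled, nothing else of the router stack.
from dataclasses import dataclass
from typing import List, Optional
import ipaddress


@dataclass(frozen=True)
class Rule:
    target: str                     # -j DROP / ACCEPT
    in_iface: Optional[str] = None  # -i <iface>; None means any interface
    dst: Optional[str] = None       # -d <host or CIDR>; None means any destination
    negate_dst: bool = False        # ! -d


@dataclass(frozen=True)
class Packet:
    in_iface: str  # interface the packet arrived on
    src: str
    dst: str


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every match in the rule holds for the packet."""
    if rule.in_iface is not None and rule.in_iface != pkt.in_iface:
        return False
    if rule.dst is not None:
        # a bare address such as 10.0.0.1 is treated as a /32, like iptables does
        in_dst = ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst, strict=False)
        # '! -d' matches only when the destination is NOT in the given range
        if in_dst == rule.negate_dst:
            return False
    return True


def verdict(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """The first matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.target
    return policy


# iptables -t raw -I PREROUTING ! -d 10.0.0.1 -j DROP   (the rule from the question)
UNSCOPED_CHAIN = [Rule("DROP", dst="10.0.0.1", negate_dst=True)]

# Same rule limited to the LAN bridge (assumed name) so WAN ingress is not touched:
# iptables -t raw -I PREROUTING -i br-lan ! -d 10.0.0.1 -j DROP
SCOPED_CHAIN = [Rule("DROP", in_iface="br-lan", dst="10.0.0.1", negate_dst=True)]

# Constructed sample packets
ROUTER2_TO_GW = Packet("br-lan", "10.0.0.2", "10.0.0.1")
ROUTER2_TO_INET = Packet("br-lan", "10.22.22.22", "198.51.100.10")
WAN_REPLY = Packet("eth0.2", "198.51.100.10", "203.0.113.5")  # reply to router1's (assumed) WAN IP


def compare(pkt: Packet) -> dict:
    """Verdict of both chains for one packet."""
    return {"unscoped": verdict(UNSCOPED_CHAIN, pkt), "scoped": verdict(SCOPED_CHAIN, pkt)}


if __name__ == "__main__":
    samples = [
        ("router2 -> gateway", ROUTER2_TO_GW),
        ("router2 -> internet", ROUTER2_TO_INET),
        ("WAN reply -> router1", WAN_REPLY),
    ]
    for name, pkt in samples:
        print(f"{name:22} {compare(pkt)}")
```

The point the model makes visible is the missing interface scope: with no `-i`, the posted rule is evaluated for every interface, so in this model a reply from the internet to router1's own WAN address is also dropped, while the `-i br-lan` variant leaves WAN ingress alone and still drops LAN traffic that is not addressed to 10.0.0.1.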