I'd like to have an opaque partition between Hosts A and B in order to use Host B as an untrusted "rogue host." Host A can have whatever access it wants to Host B and Host A can access the internet. Host B will have limited access to Host A and can also access the internet.
I thought this would be rather straightforward but I've been having trouble. Here's what I've done:
On Astaro I've created a static route:
192.168.100.0/24 dev eth0 scope link 192.168.1.0/24 dev eth0 scope link 66.1.2.3/24 dev eth1 scope link 66.1.2.3/24 dev eth1 scope link src 66.1.2.1 127.0.0.0/8 dev lo scope link
On Host A: Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
On Host B: Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
The problem is filtering any/all traffic from Host B to A doesn't work and in doing a tcpdump on the Astaro I don't see any activity between Host A and B. However, they _are_ communicating so it doesn't look like the gateway is involved at all?
I'm at a total loss, but I'm not giving up... if anyone has any input it'd be much appreciated.
routing should be done with 2 internal nics.. in case you do not have another nic you should add an alias to eth0 with an IP from the 192.168.100.0 network and use this as gateway for the hosts in this net...
