On 8/12/05, John Benjamin <john at thebenjs dot com> wrote:
> I have a soekris net4511 setup as a wireless access point (LAN -> wi0:
> 192.168.89.1) and wired to another router as the WAN (WAN -> sis0:
> 192.168.1.67). I am not using the eth1 port.
>
> When I connected wirelessly and was given a 192.168.89.x address, I was
> able to browse the Local area lan in the 192.168.1.x subnet. I need to have
> wireless clients only be able to get to the internet (e.g., 192.168.89.x ->
> 192.168.89.1 -> 192.168.1.1 -> Internet) and not be able to see any other
> machines or addresses on the 192.168.1.x subnet.
>

Add a rule on the wireless interface to deny IP all source any,
destination 192.168.1.0/24, above the permit any any default rule.

> Is this what the "block private ip" setting is for?
>

no, that blocks inbound requests on the WAN sourced from private IP space,
which should never be seen on the Internet.

-Chris
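
The rule order from the reply above, modeled as an added Python example (not part of the original thread and not the firewall's own code). It assumes first-match, top-down evaluation, as implied by placing the deny "above" the default rule; the client address and sample destinations are constructed.

```python
import ipaddress

# Constructed rule set for the wireless interface, in the order the reply gives.
# Each rule is (action, source, destination); evaluation order is an assumption.
WIRELESS_RULES = [
    ("deny", "any", "192.168.1.0/24"),  # wired LAN reachable through the WAN port
    ("permit", "any", "any"),           # default rule, must stay below the deny
]


def _matches(spec, addr):
    """True if addr falls inside spec, where spec is 'any' or a CIDR network."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def evaluate(rules, src, dst):
    """Return the action of the first rule matching (src, dst); deny if none match."""
    for action, src_spec, dst_spec in rules:
        if _matches(src_spec, src) and _matches(dst_spec, dst):
            return action
    return "deny"


def audit(rules, client="192.168.89.50"):
    """Evaluate constructed sample destinations for one wireless client."""
    samples = {
        "wired LAN host": "192.168.1.20",
        "upstream router address": "192.168.1.1",
        "access point itself": "192.168.89.1",
        "Internet host (TEST-NET-3)": "203.0.113.10",
    }
    return {name: evaluate(rules, client, dst) for name, dst in samples.items()}


if __name__ == "__main__":
    for name, action in audit(WIRELESS_RULES).items():
        print(f"{action:6} {name}")
    # Same rules in the wrong order: permit any any shadows the deny.
    swapped = list(reversed(WIRELESS_RULES))
    print("swapped order, wired LAN host:", audit(swapped)["wired LAN host"])
```

Internet traffic still passes because the filter matches the packet's destination address, not the next hop, so forwarding through 192.168.1.1 is unaffected. Packets addressed to 192.168.1.1 itself are denied, which matters if wireless clients are handed that address as their DNS server.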