
Using 2 LAN networks with
Brazil Firewall or Coyote Linux


You share an Internet connection with your kids or parents and worry that their PCs are infected with worms and viruses. You know they download everything and click anything, and you want to make sure there is no way they can reach your PC and infect it through file shares or anything else. You can use different workgroups and passwords, but the bottom line is: they are on the same network as you.

Consumer routers like the Linksys or D-Link models offer no way to do this.

With BrazilFW/Coyote Linux it is simple. No other software or hardware is needed. The method described here is tried and proven and has been in production since version 2.10b.

Number 1 is that you must own the network, meaning you control the Coyote Linux or Brazil Firewall box. Number 2 is that everyone must co-operatively want this segregation, because it is very easy to defeat: both networks sit on the same cabling, so anyone who gives their PC a static address in your range is instantly on your network, and the firewall never sees that traffic. If that describes your kids, parents or the friends they bring in, press Back in your browser right now and get a private connection.

What you do is define a secondary IP address in the LAN Configuration and deny traffic between the two networks. You may be on the same physical cabling, but hosts on different IP subnets have to send to each other through their gateway, which is the firewall, and the firewall's rules decide whether that traffic is forwarded. Broadcasts and ARP still reach every port on the switch, so this is not the same isolation as a separate interface or VLAN; it is a filter that co-operating hosts will respect.

On a standard installation, everyone is on network 192.168.0.0/24. Simply choose another IP network, 10.0.0.0/24, and use that for yourself. I used 10.0.0.0/24 because the two ranges look so different that it is easy to remember which is which. It could be any private IP address range reserved for internal use. The mask for 10.0.0.0 does not have to be 255.0.0.0 (/8); 255.255.255.0 (/24) is fine. The rules and addresses below use 10.0.0.0/24 throughout, so if you pick a different range, change it everywhere.

Using the Webadmin tool, select LAN Configuration. Fill in Secondary IP Address and Netmask and click Submit.
[Screenshot: LAN configuration options in BrazilFW]

From the Advanced Firewall Configuration menu, edit the Configuration File and add these two lines. They block traffic between the two networks in both directions. These rules do not block traffic destined for services on Coyote Linux/Brazil Firewall itself, like Webadmin or SSH, because packets addressed to the firewall go through the INPUT chain and never through FORWARD. This means Webadmin is still available on 192.168.0.1:8180.

access Y deny all 192.168.0.0/24 10.0.0.0/24 all #Block other network 1
access Y deny all 10.0.0.0/24 192.168.0.0/24 all #Block other network 2

You can also click Access in the Advanced Firewall Configuration menu to create these rules. Either way they will look like this:
[Screenshot: LAN configuration options in BrazilFW]

Now back up the configuration and reload the firewall.

When reloading the firewall, watch for this message. It means iptables rejected one or more of the generated rules, so they are not in effect:

Try `iptables -h' or 'iptables --help' for more information.
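The two access lines are easy to get subtly wrong: a typo in a subnet (say 10.10.0.0/24 instead of 10.0.0.0/24) is perfectly valid to iptables, so the firewall reloads without the error above and simply blocks nothing useful. The script below is an added example, not code from BrazilFW/Coyote Linux or from this tutorial. It renders each access line as the iptables FORWARD rule it stands for (the field order and the access-to-iptables mapping are assumptions, inferred from the two lines above) and checks that every subnet in a rule is one of the LAN subnets actually configured. The sample rules are constructed to match the tutorial, plus one deliberately mistyped line.

```shell
#!/bin/sh
# Added example: model the tutorial's "access" lines as iptables FORWARD rules
# and catch subnet typos before the firewall is reloaded. Not part of BrazilFW.

# LAN layout from the tutorial: primary and secondary address ranges.
PRIMARY_NET="192.168.0.0/24"
SECONDARY_NET="10.0.0.0/24"

# Constructed sample rule sets: the two correct lines, and one with a typo in
# the secondary subnet that iptables would accept without complaint.
RULES_OK="access Y deny all 192.168.0.0/24 10.0.0.0/24 all #Block other network 1
access Y deny all 10.0.0.0/24 192.168.0.0/24 all #Block other network 2"
RULE_TYPO="access Y deny all 10.10.0.0/24 192.168.0.0/24 all #Block other network 2"

# Render one access line as the iptables command it corresponds to.
# Assumed field layout: access <Y|N> <allow|deny> <proto> <src> <dst> <port> [#comment]
access_to_iptables() {
    set -- $1
    if [ "$1" != "access" ]; then
        echo "not an access line: $*" >&2
        return 1
    fi
    enabled="$2"; action="$3"; proto="$4"; src="$5"; dst="$6"; port="$7"
    if [ "$enabled" != "Y" ]; then
        echo "# disabled: $*"
        return 0
    fi
    case "$action" in
        deny)  target="DROP" ;;
        allow) target="ACCEPT" ;;
        *)     echo "unknown action: $action" >&2; return 1 ;;
    esac
    match=""
    if [ "$proto" != "all" ]; then
        match="$match -p $proto"
    fi
    # A destination port only makes sense for tcp/udp; "all" means no port match.
    if [ "$port" != "all" ] && { [ "$proto" = "tcp" ] || [ "$proto" = "udp" ]; }; then
        match="$match --dport $port"
    fi
    echo "iptables -A FORWARD -s $src -d $dst$match -j $target"
}

# Return 0 when both subnets in the rule are LAN subnets the firewall has,
# 1 otherwise. This is the check iptables itself will not do for you.
rule_subnets_known() {
    set -- $1
    for net in "$5" "$6"; do
        case "$net" in
            "$PRIMARY_NET"|"$SECONDARY_NET") ;;
            *) echo "rule references unknown subnet: $net" >&2; return 1 ;;
        esac
    done
    return 0
}

# Check a whole rule set (one access line per line). Prints the iptables form
# of each good line; fails on the first line that references an unknown subnet.
check_rules() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        rule_subnets_known "$line" || exit 1
        access_to_iptables "$line" || exit 1
    done
}

# Stand-alone run: show the correct rules, then show the typo being rejected.
check_rules "$RULES_OK"
check_rules "$RULE_TYPO" || echo "typo rule rejected before reload"
```

Run it with sh before you reload the firewall; the correct pair prints two DROP rules for the FORWARD chain, while the mistyped line is refused because 10.10.0.0/24 is not a subnet this firewall serves. Keep PRIMARY_NET and SECONDARY_NET in step with what you entered in LAN Configuration.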

If you have DHCP enabled, anyone plugging into your hub/switch will be assigned an address on the 192.168.0.0/24 network. This means you and everyone on your personal network will have to hard-code the IP address, the gateway 10.0.0.1, and DNS 10.0.0.1 if the firewall's DNS is enabled (or your ISP's DNS servers if it is disabled). Hey, there's a price to pay for security.

Special rules defined in Brazil Firewall/Coyote Linux, like port forwards, must be looked at individually to verify that they still apply to the network you intend.

DISCLAIMER: These instructions come with no warranty. Use them at your own discretion and risk. I am not responsible for misuse, damages, or losses that may be caused directly or indirectly. It is assumed that you practice safe computing and take backups before making changes.

This is written for the uninitiated; no prior knowledge of the subject is assumed.

Use the Forums for support so everyone can share the information.