[LARTC] block ethernet IPv4 traffic

Lawrence MacIntyre lpz@ornl.gov
Mon, 19 Jul 2004 09:03:34 -0400


This will work as long as none of the clients are clued enough to add 
host routes or alias addresses.

Rene Gallati wrote:
> Anton Glinkov wrote:
> 
>> On Mon, July 19, 2004 15:25, Ed Wildgoose said:
>>
>>>
>>>> the bridge thing is not possible.. the network is too big.. 300
>>>> machines..
>>>> with over 30 switches (only one of them is manageable) :(
>>>> Basically I want to deny ethertype 0800 (IPv4) packets for that LAN.
>>>> The only solution I thought of was to have a linux machine in this LAN
>>>> that has all the possible IP addresses set on its interface.
>>>>
>>>>
>>>
>>> Look, we can't help you until you explain the problem
>>>
>>> WHY is it not possible to have a bridge?  This only requires two network
>>> cards?
>>
>>
>>
>> I want to block the traffic between _ANY_ 2 of the machines in the 
>> network.
> 
> 
> How about giving them a netmask of /32 instead of /24 (or whatever you 
> have) so that they only see themselves in the same network and then 
> giving them a static route to the default gw (since it is outside of the 
> /32).
> 
> Then you can block all inter-client traffic at that single default 
> gateway (or one hop "in front" of it, seen from the clients)
> 
> 

-- 
     Lawrence MacIntyre     865.574.8696     lpz@ornl.gov
                Oak Ridge National Laboratory
High Performance Information Infrastructure Technology Group
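To make the route-table argument in this thread concrete, here is an added example (not from any poster on the list) that simulates Linux longest-prefix-match over a client's routing table. The 192.0.2.0/24 addresses, the gateway 192.0.2.1 and the interface name are constructed; it shows why a /32 address sends peer traffic through the gateway, where it can be filtered, and why a client-added host route (Lawrence's caveat) bypasses that again.

```python
"""Route-lookup simulation for the /32-netmask trick discussed in the thread.
Addresses and interface names below are constructed for illustration."""
import ipaddress


def next_hop(routes, dst):
    """Longest-prefix match. routes is a list of (prefix, gateway_or_None);
    returns ("direct", None) for an on-link route, ("via", gw) otherwise,
    or None when nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None
    return ("direct", None) if best[1] is None else ("via", best[1])


def client_routes(addr, prefixlen, gateway):
    """Kernel-style table for a client: the connected route its netmask creates
    plus a default route. With /32 the connected route covers only the host,
    so the gateway needs an explicit on-link host route first
    (ip route add 192.0.2.1 dev eth0; ip route add default via 192.0.2.1)."""
    iface = ipaddress.ip_interface(f"{addr}/{prefixlen}")
    routes = [(str(iface.network), None)]
    if prefixlen == 32:
        routes.append((f"{gateway}/32", None))
    routes.append(("0.0.0.0/0", gateway))
    return routes


def gateway_forwards(in_if, out_if):
    """Rene's filter at the single default gateway: drop hairpin traffic that
    enters and leaves on the client-facing interface
    (iptables -A FORWARD -i eth0 -o eth0 -j DROP)."""
    return in_if != out_if


if __name__ == "__main__":
    # /24: the peer is on-link, so traffic goes straight over the switch.
    print(next_hop(client_routes("192.0.2.10", 24, "192.0.2.1"), "192.0.2.20"))
    # /32: the peer is reached via the gateway, which can drop it.
    print(next_hop(client_routes("192.0.2.10", 32, "192.0.2.1"), "192.0.2.20"))
    # Lawrence's caveat: a client that adds a host route is on-link again.
    bypass = client_routes("192.0.2.10", 32, "192.0.2.1") + [("192.0.2.20/32", None)]
    print(next_hop(bypass, "192.0.2.20"))
```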