How to disable traffic between local(eth1) and virtual(eth1:0) interface?

A

andr_px2015-08-19 14:40:53

linux

andr_px, 2015-08-19 14:40:53

There is a Linux-box with two network interfaces.
eth0 - inet
eth1 - lan (192.168.1.1)
eth1:0 - lan (192.168.2.1)
How can I prevent traffic from going between eth1 and eth1:0?
Tried:
iptables -I FORWARD -i eth1:0 -o eth1 -j DROP
iptables -I FORWARD -i eth1 -o eth1:0 -j DROP
Didn't work though.
Thank you all, I solved the problem by installing a separate network card.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

andr_px, 2015-08-20
@andr_px

I solved the problem by installing a separate network card, vlan was not suitable in this case.

V

Vladimir, 2015-08-19
@rostel

in terms of iptables eth1 and eth1:0 - same interface
try like this

ip link add virtual0 link eth1 type macvlan mode bridge
ip addr add 192.168.2.1/24 dev virtual0
ip link set virtual0 up

iptables -I FORWARD -i virtual0 -o eth1 -j DROP	
iptables -I FORWARD -i eth1 -o virtual0 -j DROP

V

Valentin, 2015-08-19
@vvpoloskin

Do the filtering in the PREROUTING chain. Or, alternatively, it is not necessary to make a SECONDARY address. And you can actually do it on various subinterfaces - loopback (unnumberred), subif (vlan).