Blocking Tagged vlan traffic from being forwarded to Untagged
by sniper8752 from LinuxQuestions.org
I have two networks that I would like to keep separated, and not allow them to talk to devices on each other. They both should be able to reach out to the Internet though.
Two subnets: 192.168.100.1/24, 192.168.200.1/24
The bastion/server is running iptables.
On the server, I created a vlan interface (id of 2). As for all other traffic right now, it is not defined/setup, or I guess you could say, "untagged". To stand up the vlan interface (for 200.1) on the server, I followed this tutorial: https://www.voiphow.com/how-to-confi...lan-in-ubuntu/.
Please bear with me as I am learning about this vlan stuff. :)
I notice that from my vlan of 2 (200.1 subnet), I am able to ping traffic on 100.1, which I would like to prevent and keep separate. How do I do this? I believe the answer is with iptables, but I am not sure.
EDIT:
Behind the server, I have a smart switch. I am using 802.1Q VLAN. All ports except 2 are part of vlan1 and are untagged. I put port 2 as a tagged port, of vlan ID 2.
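One way to enforce the separation on the Linux router itself, as an added example that is not from the post or the linked tutorial: a FORWARD policy that refuses new flows between the untagged segment and VLAN 2 while letting each reach the upstream link. The interface names eth0 (untagged, 192.168.100.0/24), eth0.2 (802.1Q VLAN 2, 192.168.200.0/24) and eth1 (upstream) are assumptions; adjust them to match `ip link`.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Interface names are assumed:
#   LAN_IF  = untagged segment (192.168.100.0/24)
#   VLAN_IF = 802.1Q VLAN 2 sub-interface (192.168.200.0/24)
#   WAN_IF  = upstream/Internet link
LAN_IF=${LAN_IF:-eth0}
VLAN_IF=${VLAN_IF:-eth0.2}
WAN_IF=${WAN_IF:-eth1}
IPT=${IPT:-iptables}   # set IPT=echo to print the rules instead of applying them

apply_rules() {
    # Default-deny forwarding: anything not explicitly allowed below is dropped.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    # Replies to connections that were allowed out may come back in.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Refuse new flows between the two segments in both directions.
    # These come before the Internet rules so ordering cannot leak traffic.
    $IPT -A FORWARD -i "$LAN_IF" -o "$VLAN_IF" -j DROP
    $IPT -A FORWARD -i "$VLAN_IF" -o "$LAN_IF" -j DROP
    # Each segment may open connections only toward the upstream link.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    $IPT -A FORWARD -i "$VLAN_IF" -o "$WAN_IF" -j ACCEPT
    # NAT both segments behind the upstream address.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Only apply when invoked as: sh isolate.sh --apply (needs root).
if [ "${1-}" = "--apply" ]; then
    apply_rules
fi
```

Packets addressed to the router's own addresses (for example 192.168.100.1 pinged from VLAN 2) traverse INPUT rather than FORWARD, so a matching INPUT rule is needed if that should be refused as well.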