2017-02-06 - how to block access lan->wan (allow only 192.168.1.1 rest network blocked)

Header Data

From: bartosz <ba***z@miklaszewski.com>
Message Hash: 385dfcc2a53705a82913a94436fa285560e0926b758aa30d6ed61ef357de3be2
Message ID: <4d0feda8-ba33-4023-a012-cc8afe661e78@grasehotspot.org>
Reply To: N/A
UTC Datetime: 2017-02-06 08:29:01 UTC
Raw Date: Mon, 06 Feb 2017 07:29:01 -0800

Raw message



<https://lh3.googleusercontent.com/-NM0zWD8KT0g/WJiVZVO5H3I/AAAAAAAAP98/7toDiQ8ryek0fVpuqJtJj7Qn7tKYBGuXACLcB/s1600/topology.png>

Hi guys,

just notice something today...
I use VLANs to separate hotspot part of the network from office network, 
and it works fine however... when you login to grase suddenly network 
10.1.0.0/24 has access to entire network 192.168.1.0/24 over grase hotspot

as in picture attached

router-gw (192.168.1.1) <---Network 192.168.1.0/24-SwitchVLAN1--->Grase 
Hotspot WAN(192.168.1.111)========Grase Hotspot 
LAN(10.1.0.0/24-SwitchVLAN20)

so how to block 10.1.0.0 from accesing any devices in 192.168.1.1

I guess iptables could do the job, but i am not good with that can someone 
help me with this ?

Many thanks

Bartosz

Thread