
I have a Linux machine with two Ethernet ports (one of which is connected to my ISP's router). I want to connect an IoT device via the other Ethernet port but limit (but not disable) its access to both internal and external IPs.

I'm not sure how to do this, whether it is just bridging or if it will require more of a router-like setup.

So far I have run:

ip link add name br0 type bridge
ip link set br0 address xx:xx:xx:xx:xx:xx  # the same MAC as enp3s0, unsure about this
ip link set br0 up
ip link set enp2s0 up                     # the "internal" NIC
ip link set enp2s0 master br0
ip link set enp3s0 master br0             # the "external" NIC
ip address add dev br0 192.168.0.150/24

This allows internet access on the IoT device, but I can no longer access the Linux server doing the bridging from within the local network (i.e. at 192.168.0.150). Is this the correct way to do it, and if it is, what am I missing to make it work?

Am I right in thinking I can apply simple iptables rules to then limit where the IoT device can access?

  • You didn't say what kind of limiting you want to do, but whatever it is, it'll be much easier through routing + NAT + iptables compared to bridging and ebtables.
    – dirkt
    Commented Aug 14, 2021 at 15:16
  • @dirkt limiting e.g. to other devices in the local network and to websites on the internet. Could you offer any pointers as to the sort of things required for the routing + NAT + iptables route?
    Commented Aug 14, 2021 at 15:56
  • There are plenty of tutorials and Q&A for routing + NAT, e.g. here. Extend the iptables rules in the link to filter for whatever you'd like.
    – dirkt
    Commented Aug 15, 2021 at 12:15
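The routing + NAT + iptables approach suggested in the comments, as an added example that is not part of the question or the comments. It assumes hypothetical values: enp3s0 is the ISP-facing NIC (192.168.0.150/24 stays on it, no bridge), enp2s0 gets its own subnet 10.20.0.0/24 with the IoT device statically configured at 10.20.0.10 (gateway 10.20.0.1, a public resolver for DNS), and the device is allowed only one LAN host (192.168.0.20) plus DNS and HTTPS on the internet.

```shell
#!/bin/sh
# Added example, not from the question or comments. Hypothetical values:
WAN_IF=enp3s0          # NIC towards the ISP router, keeps 192.168.0.150/24
IOT_IF=enp2s0          # NIC towards the IoT device
IOT_NET=10.20.0.0/24   # separate subnet for the IoT side (no bridge)
IOT_GW=10.20.0.1/24    # this server's address on the IoT side
LAN_NET=192.168.0.0/24
LAN_ALLOWED=192.168.0.20   # the one LAN host the device may talk to

# With DRY_RUN=1 every command is printed instead of executed, so the
# rule set can be reviewed (and tested) without root.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

setup_iot_router() {
    # Give the IoT side its own subnet and turn on forwarding.
    run ip address add "$IOT_GW" dev "$IOT_IF"
    run ip link set "$IOT_IF" up
    run sysctl -w net.ipv4.ip_forward=1

    # NAT the IoT subnet behind the server's LAN address on the way out,
    # so the ISP router needs no route back to 10.20.0.0/24.
    run iptables -t nat -A POSTROUTING -s "$IOT_NET" -o "$WAN_IF" -j MASQUERADE

    # Default deny for forwarded traffic; only reply traffic comes back in.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Allow the chosen LAN host, then drop the rest of the LAN. The drop must
    # sit before the internet rules: LAN hosts also leave via $WAN_IF.
    run iptables -A FORWARD -i "$IOT_IF" -s "$IOT_NET" -d "$LAN_ALLOWED" -j ACCEPT
    run iptables -A FORWARD -i "$IOT_IF" -s "$IOT_NET" -d "$LAN_NET" -j DROP

    # Internet: DNS and HTTPS only; everything else hits the DROP policy.
    run iptables -A FORWARD -i "$IOT_IF" -s "$IOT_NET" -o "$WAN_IF" -p udp --dport 53 -j ACCEPT
    run iptables -A FORWARD -i "$IOT_IF" -s "$IOT_NET" -o "$WAN_IF" -p tcp --dport 443 -j ACCEPT

    # Log what the policy drops, so gaps show up in the kernel log.
    run iptables -A FORWARD -i "$IOT_IF" -j LOG --log-prefix "iot-drop: " --log-level 4
}

# "show" prints the rules for review; "apply" needs root.
case "${1:-}" in
    show)  DRY_RUN=1 setup_iot_router ;;
    apply) setup_iot_router ;;
esac
```

Run `sh iot-router.sh show` to review the generated commands and `sudo sh iot-router.sh apply` to install them; the rules are not persistent across reboots.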
