So, I have an LXC container that acts like a router and its configuration looks like this:
eth0 - WAN
eth1 - LAN1
eth2 - LAN2
[…]
It’s configured to act as a NAT for every LAN network.
And for obvious reasons - whatever is connected to eth1 can talk to whatever is connected to eth2.
Any solutions to this problem?
I’d like to prevent the possibility of connecting to things connected to eth1 from eth2 and vice versa.
With my Linux firewalls I drop by default and then whitelist.
Usually I’d iptables-save, modify it, then iptables-restore.
Don’t forget to punch holes for DHCP, and for ICMP for path MTU discovery (you’re going to have a bad time without pmtud working - pretty much anything hosted on Amazon gets all screwy depending on what version of which OS you’re using on the client side).
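As an added example (not the poster's setup or the replier's own rules), here is a default-drop, whitelist-style ruleset in the iptables-restore format the reply mentions. It assumes the question's eth0 = WAN, eth1/eth2 = LAN layout, gives each LAN a route to the WAN only, so LAN1 and LAN2 fall through to the FORWARD DROP policy, and punches the DHCP and ICMP holes the reply warns about:

```shell
#!/bin/sh
# Added example: default-drop router policy for a NAT box with several LANs.
# Interface names are assumed from the question; edit WAN/LANS for your box.
WAN=eth0
LANS="eth1 eth2"

# Print one iptables-restore line from its arguments.
rule() { printf '%s\n' "$*"; }

gen_rules() {
  rule '*filter'
  rule ':INPUT DROP [0:0]'
  rule ':FORWARD DROP [0:0]'   # no LAN<->LAN rule exists, so this policy isolates them
  rule ':OUTPUT ACCEPT [0:0]'
  rule -A INPUT -i lo -j ACCEPT
  rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  rule -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  for lan in $LANS; do
    rule -A INPUT -i "$lan" -p udp --dport 67 -j ACCEPT   # DHCP requests to the router
    rule -A INPUT -i "$lan" -p icmp -j ACCEPT             # ping and ICMP errors from LAN hosts
    rule -A FORWARD -i "$lan" -o "$WAN" -j ACCEPT         # each LAN may reach the WAN only
  done
  # "Fragmentation needed" must cross the router or PMTUD breaks; RELATED above
  # normally covers it for tracked flows, this rule makes the intent explicit.
  rule -A FORWARD -p icmp --icmp-type fragmentation-needed -j ACCEPT
  rule COMMIT
  rule '*nat'
  rule ':PREROUTING ACCEPT [0:0]'
  rule ':INPUT ACCEPT [0:0]'
  rule ':OUTPUT ACCEPT [0:0]'
  rule ':POSTROUTING ACCEPT [0:0]'
  rule -A POSTROUTING -o "$WAN" -j MASQUERADE             # NAT for every LAN
  rule COMMIT
}

# Print yes/no: does the policy explicitly accept forwarding from $1 to $2?
# Any pair without an ACCEPT line falls through to the FORWARD DROP policy.
forward_allowed() {
  if gen_rules | grep -q -- "^-A FORWARD -i $1 -o $2 -j ACCEPT"; then echo yes; else echo no; fi
}

# Print the ruleset; pass "apply" to load it with iptables-restore (needs root).
if [ "${1:-}" = apply ]; then gen_rules | iptables-restore; else gen_rules; fi
```

Review the printed output before applying it; anything else the router itself serves to the LANs (DNS, for instance) needs its own INPUT hole in the same style.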