create air gap between the hosts

Issues related to configuring your network
dareth
Posts: 1
Joined: 2018/12/14 04:12:17

create air gap between the hosts

Post by dareth » 2020/02/25 15:07:26

Hi, I'm trying to create an 'air gap' which acts as a proxy between network segregated from 2 Nexus switches.


eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.10.3 netmask 255.255.255.0 broadcast 192.168.10.255
        inet6 fe80::e41:82ff:fedf:9b00 prefixlen 64 scopeid 0x20<link>
        ether 0c:41:82:df:9b:00 txqueuelen 1000 (Ethernet)
        RX packets 21 bytes 1450 (1.4 KiB)
        RX errors 0 dropped 9 overruns 0 frame 0
        TX packets 53 bytes 3442 (3.3 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.20.3 netmask 255.255.255.0 broadcast 192.168.20.255
        inet6 fe80::e41:82ff:fedf:9b01 prefixlen 64 scopeid 0x20<link>
        ether 0c:41:82:df:9b:01 txqueuelen 1000 (Ethernet)
        RX packets 5 bytes 338 (338.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 64 bytes 5372 (5.2 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Based on netstat -rn:
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.20.1    0.0.0.0         UG        0 0          0 eth1
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.20.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1

How do I ensure eth1 will be the default gateway to another network?
What will be the route required to route between eth0 (192.168.10.2) of another host?

jlehtone
Posts: 4531
Joined: 2007/12/11 08:17:33
Location: Finland

Re: create air gap between the hosts

Post by jlehtone » 2020/02/25 23:57:16

Please explain the "air gap".

The routes you have say:
* If destination is anyone in the 192.168.10.0/24 then toss out from eth0
* If destination is anyone in the 192.168.20.0/24 then toss out from eth1
* All other destinations will be directed to 192.168.20.1 (which means tossing out from eth0 due to other rule)

If that is what your config gives and what you want, then you are ready.
If not, explain what is missing.
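
Added example, not part of the thread: a longest-prefix-match lookup over the routing table posted above, plus a check of whether the dual-homed host would relay a packet between its two segments. The function names are hypothetical, and `ip_forward` stands in for the `net.ipv4.ip_forward` sysctl; firewall rules and the host's own addresses are ignored.

```python
import ipaddress

# Routing table as posted in the thread (`netstat -rn` output).
NETSTAT_RN = """\
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.20.1 0.0.0.0 UG 0 0 0 eth1
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
"""

def parse_routes(text):
    """Parse `netstat -rn` rows into (network, gateway, flags, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything malformed
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        gw = None if f[1] == "0.0.0.0" else ipaddress.ip_address(f[1])
        routes.append((net, gw, f[3], f[7]))
    return routes

def lookup(routes, dst):
    """Return (iface, next_hop) chosen by longest-prefix match, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    net, gw, flags, iface = max(matches, key=lambda r: r[0].prefixlen)
    # With the G flag the frame is sent to the gateway, otherwise directly to dst.
    return iface, (gw if "G" in flags else dst)

def would_relay(routes, in_iface, dst, ip_forward=False):
    """True if a packet arriving on in_iface for dst would leave via another NIC.

    A host that is not acting as a router has ip_forward off, so it never relays.
    """
    hit = lookup(routes, dst)
    return bool(ip_forward and hit and hit[0] != in_iface)

ROUTES = parse_routes(NETSTAT_RN)

if __name__ == "__main__":
    for dst in ("192.168.10.2", "192.168.20.1", "203.0.113.5"):
        print(dst, "->", lookup(ROUTES, dst))
    print("eth0 -> 192.168.20.5 relayed:", would_relay(ROUTES, "eth0", "192.168.20.5"))
```

On the real host, `ip route get <address>` and `sysctl net.ipv4.ip_forward` report the same two facts from the live kernel state.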

MartinR
Posts: 714
Joined: 2015/05/11 07:53:27
Location: UK

Re: create air gap between the hosts

Post by MartinR » 2020/02/26 09:31:47

An "air gap" refers to a physical isolation of networks. Consider a company doing product research on an internal network. If it was "air gapped" there would be no connection between this network and the wider corporate network. Any data transfers would need to be made by writing some form of media (card, stick, DVD, tape) on one machine, moving it across the air gap, and then reading it on another machine. In the past this was sometimes called "sneaker-net" since it relied on someone (presumably wearing sneakers) walking between machines. Air gaps are a superb security mechanism, but a right royal PITA to administer.

jlehtone
Posts: 4531
Joined: 2007/12/11 08:17:33
Location: Finland

Re: create air gap between the hosts

Post by jlehtone » 2020/02/26 11:07:55

Thought so. Hence asking what is a gap in multihomed nonrouter.
