Restricting the communication between computers in the same network without using a firewall

The architecture that we will create in this article is something like this — We have three computers let's say A, B, and C. Here what we want is that A can ping to B and C, B and C can ping to A but B and C can’t ping each other. This can be achieved easily using a firewall but instead of using a firewall, we will achieve this using pure networking concepts.

Three computes connected to the same network.

Let’s say, computer A has an IP 192.168.43.36, B has an IP 192.168.43.249 and C has an IP 192.168.43.21.

Computer A

Let’s look at the Routing Table of computer A.

$ route -n

As we can see in the above rule, we can ping any IP in the world. As we want to ping both the computers, we will not restrict computer A from any of the IP.

Now, we want that computer B and computer C can only ping to computer A.

So, first of all, we will remove all of the routing rules from computer B and C.

Now, if we tried to ping to any of the IP we can’t ping because there is no routing rule present.

After that, we will assign a new IP to computer B and computer C.

We will assign IP 192.168.44.249/255.255.0.0 to computer B.

$ ifconfig enp0s3 192.168.44.249 netmask 255.255.0.0

We will assign IP 192.168.45.21/255.255.0.0 to computer C.

$ ifconfig enp0s3 192.168.45.21 netmask 255.255.0.0

Now, we had set up the computer B and computer C with the IP addresses. The next step is to add the routing rule to computer B and computer C that will only allow to ping to computer A.

Let’s add the routing rule to computer B.

$ route add -net 192.168.43.0 netmask 255.255.255.0 enp0s3

And add the same routing rule to computer C.

Now, go to computer A and see if we can ping to computer B and computer C.

The above image shows that we can ping to computer B from computer A.

And we can ping to computer A from computer B.

Now, try to ping computer C from computer A and vice versa.

The above images show that we can ping to computer C from computer A and ping computer A from computer C.

As we don’t want to ping computer B and computer C to each other, let’s check if we had achieved the same.

Go to computer B and check if we can ping computer C.

We can’t!

Now, go to the computer C and check if we can ping computer B.

No. We can’t ping computer B from computer C.

So, we had verified that computer B is unable to ping computer C and computer C is unable to ping computer B but computer A can ping both computer B and computer C.

If you like this article, don’t forget to show some appreciation through applauds.

For any help or suggestions connect with me on Twitter at @TheNameIsAnkush or find me on LinkedIn.

Tech blogger, researcher and integrator