Restricting the communication between computers in the same network without using a firewall
The architecture we will create in this article is as follows: we have three computers, say A, B, and C. We want A to be able to ping B and C, and B and C to be able to ping A, but B and C must not be able to ping each other. This can be achieved easily with a firewall, but instead of using a firewall we will achieve it using pure networking concepts.
Three computers connected to the same network.
Step 1: Set up computer A to ping computers B and C
Let’s say, computer A has an IP 192.168.43.36, B has an IP 192.168.43.249 and C has an IP 192.168.43.21.
Let’s look at the Routing Table of computer A.
$ route -n
As the above rule shows, computer A can ping any IP in the world. Since we want it to ping both of the other computers, we will not restrict computer A from reaching any IP.
Step 2: Set up computer B and computer C to ping only computer A
Now, we want computer B and computer C to be able to ping only computer A.
So, first of all, we will remove all of the routing rules from computers B and C.
Now, if we try to ping any IP, the ping fails because there is no routing rule present.
After that, we will assign a new IP to computer B and computer C.
We will assign IP 192.168.44.249/255.255.0.0 to computer B.
$ ifconfig enp0s3 192.168.44.249 netmask 255.255.0.0
We will assign IP 192.168.45.21/255.255.0.0 to computer C.
$ ifconfig enp0s3 192.168.45.21 netmask 255.255.0.0
Step 3: Adding a routing rule to computer B and computer C that only allows them to ping computer A
Now that we have set up computer B and computer C with their IP addresses, the next step is to add a routing rule to each of them that only allows them to ping computer A.
Let’s add the routing rule to computer B.
$ route add -net 192.168.43.0 netmask 255.255.255.0 enp0s3
And add the same routing rule to computer C.
Step 4: Check if computer A is able to ping computer B and C and vice versa.
Now, go to computer A and see if we can ping computer B and computer C.
The above image shows that we can ping computer B from computer A.
And we can ping computer A from computer B.
Now, try to ping computer C from computer A and vice versa.
The above images show that we can ping computer C from computer A and computer A from computer C.
Step 5: Check if we can ping computer B from C and computer C from computer B
As we don’t want computer B and computer C to ping each other, let’s check whether we have achieved that.
Go to computer B and check if we can ping computer C.
Now, go to the computer C and check if we can ping computer B.
No. We can’t ping computer B from computer C.
So, we have verified that computer B is unable to ping computer C and computer C is unable to ping computer B, but computer A can ping both computer B and computer C.
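The result above can be reproduced on paper with a longest-prefix-match lookup over each computer's routing table. The following is an added example, not part of the original article: it models route lookup only (no ARP or gateway forwarding) and also shows what a 192.168.0.0/16 route, the prefix implied by netmask 255.255.0.0, would change if it were present on B and C. Computer A's table is an assumption (on-link /24 plus a default route), and the function names are hypothetical.

```python
import ipaddress

# Host addresses from the article.
HOSTS = {"A": "192.168.43.36", "B": "192.168.44.249", "C": "192.168.45.21"}

# Routing tables as destination prefixes. B and C hold only the route added in
# Step 3. A's table is an assumption (on-link /24 plus a default route),
# because the article's `route -n` output is not reproduced.
TABLES = {
    "A": ["192.168.43.0/24", "0.0.0.0/0"],
    "B": ["192.168.43.0/24"],
    "C": ["192.168.43.0/24"],
}

def lookup(table, dst):
    """Longest-prefix match; None corresponds to 'Network is unreachable'."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in table]
    matches = [n for n in nets if addr in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)

def can_ping(tables, src, dst):
    """An echo needs a route src->dst and a route dst->src for the reply."""
    return (lookup(tables[src], HOSTS[dst]) is not None
            and lookup(tables[dst], HOSTS[src]) is not None)

def matrix(tables):
    """Reachability for every ordered pair of distinct hosts."""
    return {(s, d): can_ping(tables, s, d)
            for s in HOSTS for d in HOSTS if s != d}

def with_connected_route(tables):
    """Same tables plus 192.168.0.0/16 on B and C (the prefix implied by
    netmask 255.255.0.0), to show why it must not be in their tables."""
    wide = dict(tables)
    for h in ("B", "C"):
        wide[h] = tables[h] + ["192.168.0.0/16"]
    return wide

if __name__ == "__main__":
    for label, t in (("article tables", TABLES),
                     ("with 192.168.0.0/16 on B and C",
                      with_connected_route(TABLES))):
        print(label)
        for (s, d), ok in sorted(matrix(t).items()):
            print(f"  {s} -> {d}: {'reachable' if ok else 'no route'}")
```

Comparing the two matrices shows that the isolation depends on B and C holding nothing broader than the 192.168.43.0/24 route, so it is worth confirming with route -n on both machines after Step 3.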