iptables prevent wan-->lan access



Hi, I would like to know how to protect my LAN from WAN access.

I have 2 NICs: one connected to a WAN (let's say ...), the other to a LAN (...).
I have enabled IP masquerading and IP forwarding.

The LAN can access the WAN with no problem. But what if another tenant on my WAN (...) added a route for ... pointing at my WAN NIC? My WAN NIC would receive a packet destined for the LAN, and it would be forwarded correctly.

To avoid this, I could add a FORWARD rule to drop anything coming from the WAN, but then port forwarding through DNAT would not work anymore.

And I can't drop the packets from POSTROUTING before DNAT is applied.

So what are my options here? This basically means that my ISP can access my entire LAN.

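One way to get both properties the question asks for (WAN cannot reach the LAN, but DNAT port forwards still work) is to let the FORWARD chain accept WAN-to-LAN packets only when conntrack says the flow is a reply (ESTABLISHED,RELATED) or was rewritten by a DNAT rule (ctstate DNAT). This works because nat PREROUTING runs before filter FORWARD, so FORWARD already sees the translated destination. The script below is an added example, not code from the poster; the interface names eth0/eth1 and the subnet 192.168.1.0/24 are assumed placeholders.

```shell
#!/bin/sh
# Added example: build a FORWARD policy that blocks WAN->LAN traffic
# except replies to LAN-initiated flows and connections that a DNAT
# (port-forwarding) rule in nat PREROUTING has already rewritten.
# Interface names and the LAN subnet are assumed placeholders.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print the iptables commands (one per line) instead of running them,
# so the policy can be reviewed first and then piped to "sh".
build_forward_rules() {
    wan="$1"; lan="$2"; net="$3"
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate DNAT -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -j DROP
EOF
}
# A packet that arrives on the WAN side already addressed to the LAN
# prefix (the "other tenant added a route" case) is a NEW flow that no
# DNAT rule touched, so it matches neither ACCEPT and hits the final DROP.
# A packet that a nat PREROUTING rule such as
#   iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport 8080 \
#            -j DNAT --to-destination 192.168.1.10:80
# rewrote carries ctstate DNAT and is still forwarded.

# How many generated rules let WAN->LAN traffic through (used for review).
wan_to_lan_accepts() {
    build_forward_rules "$1" "$2" "$3" | grep -c -- "-i $1 -o $2 .* -j ACCEPT"
}

if [ "${1:-}" = "--apply" ]; then
    build_forward_rules "$WAN_IF" "$LAN_IF" "$LAN_NET" | sh
else
    build_forward_rules "$WAN_IF" "$LAN_IF" "$LAN_NET"
fi
```

Run without arguments to review the generated rules; run with `--apply` as root to install them.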