Can i create a route by MAC address to keep a machine limited to an ip address
Posted on 2011-03-14
I have a server hosting two virtual machines. Each machine is assigned a static IP address in a different network and is routed to a separate firewall gateway. they both travel through a common virtual switch, and through a physical switch as well before the gateway.
Since these are two different entities i am concerned that a user on network1 could find out the address of network2. Since they both use WAN access, they cannot remove the existing IP without losing their connection, but adding an ip could be an issue if via social hacking, sniffing or dumb luck, they discovered the other address range. In that case they would be able to add that IP range on their machine and browse to the other network. I realize they would likely have to crack a password to actually break in another machine, but if they are doing the first then they would likely do the second as well. So, if network1 is 192.168.11.0/24 and network2 is 192.168.12.0/24 for instance, can i use the computer MAC address on the machines in a route to block all traffic from one VM to the other VM. Or set up a route on each machine that automatically sent any traffic not on their correct network to the bit bucket. What is the most effective way to limit the machines to their own networks?