Right, why not use some firewall? well, because I can't just install any software on these servers, company regulations, and windows' built-in firewall suck big time (only inbound, have to configure ALL exceptions).
On Linux this is quite a trivial IPTables command. Run the following on server#1:
iptables -I INPUT -s server#2 -j DROP
iptables -I OUTPUT -d server#2 -j DROPUnfortunately there's nothing like IPTables built into windows.
Driving inspired from the IPTables concept of routing the packets to the trashcan ("
-j drop"), I realized that much same could be implemented on windows by twicking the OS routing table causing it to deliver packets for server#2 to no where.Here's my hand tailored, freeware, no software required, windows firewall that sends packets to a vacation in /dev/null:
route ADD 1.1.1.2 MASK 255.255.255.255 1.1.1.0Where:
Server#1 IP is 1.1.1.1
Server#2 IP is 1.1.1.2
1.1.1.0 isn't assigned to anyone - our /dev/null for the occasion.
Additional blabber:
If you add the route instruction only to server#1, but not to server#2, then server#2 can still send IP packets to server#1, while this breaks TCP completely, server#2 could still send UDP datagrams to server#1.
Make sure the servers are configured with static IP, otherwise your solution would break over time. In order to make the route persistent across server reboots, add the -p flag.
[caption id="attachment_132" align="alignnone" width="514" caption="wrong way! Packet! turn back now!"]
[/caption]
No comments:
Post a Comment