Sun Jul 8 09:15:08 EDT 2012
I'm trying to set up a sandbox that needs a separate DHCP server and a
shielded (NATted) address space. This is hosted on a guest network,
but the packets are transported raw over the trusted network.
This doesn't fit in the current firewall rules because it is a
security problem in general, though not so because the device that
uses it is fully controlled.
What I really need is a separate gateway that allows only internet
access, and no access to any of the guest or private networks.