子网有多安全？

我的网络出现了一个不幸的复杂情况 - 一些用户/计算机连接到我们管理的完全私有且有防火墙的办公网络（10.nnx/24 内联网），但其他用户/计算机连接到第三方提供的子网（129.nnx/25）因为他们需要通过第三方的代理访问互联网。

我之前已经设置了一个网关/路由器以允许 10.nnx/24 网络互联网访问：

# Allow established connections, and those !not! coming from the public interface
# eth0 = public interface
# eth1 = private interface
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the private interface
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

# Masquerade (NAT)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Don't forward any other traffic from the public to the private
iptables -A FORWARD -i eth0 -o eth1 -j REJECT

但是，我现在需要允许 129.nnx/25 子网上的用户访问 10.nnx/24 网络上的一些私有服务器。

我认为我可以做类似的事情：

# Allow established connections, and those !not! coming from the public interface
# eth0 = public interface
# eth1 = private interface #1 (10.n.n.x/24)
# eth2 = private interface #2 (129.n.n.x/25)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the private interfaces
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT

# Allow the two public connections to talk to each other
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT

# Masquerade (NAT)
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Don't forward any other traffic from the public to the private
iptables -A FORWARD -i eth0 -o eth1 -j REJECT
iptables -A FORWARD -i eth0 -o eth2 -j REJECT

我担心的是，我知道我们的 129.nnx/25 子网上的计算机可以通过提供商运营的更大的网络通过 VPN 进行访问 - 因此，提供商超网（正确的术语？子网的逆？）上的某个人是否可能访问我们私有的 10.nnx/24 内联网？