Ok, hopefully this will make sense. I have a Linux Box A plugged into a Cisco Router; A has 2 network cards, external and internal, and has iptables NATting the local network. These machines are 192.168.1.x.

Also plugged into the same router is another Linux box B with a similar setup: 1 external IP and then NATting for another internal network, 192.168.2.x.

I was experimenting with Dsniff and I found that people on the 2.x block were able to recover passwords on the 1.x block, so I set up a rule on each box like so:

on A
iptables -A INPUT -p all -s 192.168.2.0/24 -j REJECT

on B
iptables -A INPUT -p all -s 192.168.1.0/24 -j REJECT

People on the B network still seem to be able to sniff though... any ideas? I do not want them to see each other at all. They cannot ping or traceroute each other, but I want to stop all network access between the two.

Thanks in advance.
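To see why the rules in the post never fire, here is a small model of the netfilter path for this two-box setup (an added illustration, not code from the post or from iptables itself; the external addresses 203.0.113.10 and 203.0.113.20 and the LAN hosts are constructed). It shows that by the time a packet from a 2.x host reaches A it carries B's external IP as its source, so `-s 192.168.2.0/24` matches nothing, and that packets aimed at a 1.x host would traverse FORWARD, not INPUT.

```python
import ipaddress

# Constructed addresses for the two boxes in the post (TEST-NET-3 documentation range).
A = {"name": "A", "ext": "203.0.113.10", "lan": "192.168.1.0/24"}
B = {"name": "B", "ext": "203.0.113.20", "lan": "192.168.2.0/24"}

def masquerade(box, src):
    """iptables NAT: a packet leaving the box's LAN carries the box's external IP as source."""
    if ipaddress.ip_address(src) in ipaddress.ip_network(box["lan"]):
        return box["ext"]
    return src

def chain_for(box, dst):
    """Netfilter path: packets addressed to the box itself hit INPUT; routed packets hit FORWARD."""
    return "INPUT" if dst == box["ext"] else "FORWARD"

def filter_packet(box, rules, src, dst):
    """Apply REJECT rules of the form {chain: [source networks]} the way iptables would."""
    chain = chain_for(box, dst)
    for net in rules.get(chain, []):
        if ipaddress.ip_address(src) in ipaddress.ip_network(net):
            return chain, "REJECT"
    return chain, "ACCEPT"

def send(from_box, to_box, rules_at_receiver, src, dst):
    """A packet from inside from_box's LAN: masqueraded on the way out, then filtered at to_box.
    Assumes the packet reaches to_box's external interface at all."""
    return filter_packet(to_box, rules_at_receiver, masquerade(from_box, src), dst)

# The post's rule on A: iptables -A INPUT -p all -s 192.168.2.0/24 -j REJECT
POST_RULES_A = {"INPUT": ["192.168.2.0/24"]}
# Rules written against what A actually sees after B's NAT, in both chains
FIXED_RULES_A = {"INPUT": ["203.0.113.20/32"], "FORWARD": ["203.0.113.20/32"]}

if __name__ == "__main__":
    # 2.x host talking to A itself: source is B's external IP, so the post's rule never matches
    print(send(B, A, POST_RULES_A, "192.168.2.5", A["ext"]))         # ('INPUT', 'ACCEPT')
    print(send(B, A, FIXED_RULES_A, "192.168.2.5", A["ext"]))        # ('INPUT', 'REJECT')
    # 2.x host aiming at a 1.x host: this is routed traffic, FORWARD's business, not INPUT's
    print(send(B, A, POST_RULES_A, "192.168.2.5", "192.168.1.10"))   # ('FORWARD', 'ACCEPT')
    print(send(B, A, FIXED_RULES_A, "192.168.2.5", "192.168.1.10"))  # ('FORWARD', 'REJECT')
```

Note that no filter rule on either box changes what a passive sniffer on the shared router segment can see, since that traffic never enters the sniffing box's netfilter chains; only putting the two external interfaces on separate switch ports or VLANs, and moving the cleartext protocols to encrypted ones, addresses that.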