[suse-security] Unwanted routing between subnets
I'm running a router on SuSE 8.2 which connects 2 local subnets to the
internet. The subnets run over the same NIC with virtual interfaces:
eth0, subnet 192.168.0.0/255.255.0.0 (call it subnet A)
eth0:1, subnet 172.16.0.0/255.255.0.0 (call it subnet B)
(Yes, this is a mess, but fixing up this naturally grown network topology
might induce even more trouble.)
eth1 connects to the internet.
The setup works; both subnets have internet access. However, subnet A is still
accessible from subnet B and vice versa. This is not what I want; instead I
want the two subnets to be invisible to each other.
There is no route from A to B or from B to A specified in the
/etc/sysconfig/network directory (is there another place to look at?). Maybe
this problem comes from the virtual interface stuff?
I tried to set up routing rules with the "unreachable", "prohibit" or
"blackhole" option, but I didn't find useful documentation on usage of these
options and it did not work as expected. I also tried some custom rules for
SuSEfirewall2, but no success either.
So what routing options and/or iptables rules do I have to use?
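
One way to block the forwarding described in the post, as an added example that is not part of the original message: a shell function that prints the iptables and sysctl commands for the interface and subnets named above. It assumes plain iptables on the router and that IP forwarding is enabled for the internet uplink; the function name isolation_rules is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Interface and subnets are the
# ones the post names; netmask 255.255.0.0 is written as /16.
LAN_IF="eth0"            # eth0:1 is an alias of eth0; netfilter only sees eth0
NET_A="192.168.0.0/16"   # subnet A
NET_B="172.16.0.0/16"    # subnet B

# Print the commands that stop this router relaying traffic between two
# subnets that sit on the same interface. Nothing is executed here.
isolation_rules() {
    lan_if=$1 net_a=$2 net_b=$3

    # The kernel adds a connected route for every address assigned to an
    # interface, so with forwarding enabled it relays A<->B even though no
    # route between them is configured anywhere.
    # -I inserts at the head of FORWARD so the drops precede any ACCEPT rule.
    echo "iptables -I FORWARD -i ${lan_if} -o ${lan_if} -s ${net_a} -d ${net_b} -j DROP"
    echo "iptables -I FORWARD -i ${lan_if} -o ${lan_if} -s ${net_b} -d ${net_a} -j DROP"

    # A router that forwards a packet out of the interface it arrived on may
    # send ICMP redirects. The effective setting is the OR of "all" and the
    # per-interface value, so both have to be 0.
    echo "sysctl -w net.ipv4.conf.all.send_redirects=0"
    echo "sysctl -w net.ipv4.conf.${lan_if}.send_redirects=0"
}

# Review the output first; to apply it, pipe it to a root shell:
#   isolation_rules eth0 192.168.0.0/16 172.16.0.0/16 | sh
isolation_rules "$LAN_IF" "$NET_A" "$NET_B"
```

These rules only cover traffic that passes through the router. Because both subnets share one wire, full separation needs a layer-2 split as well (a separate NIC or VLAN per subnet).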