
RE: [suse-security] Unwanted routing between subnets



Hello,

I don't know exactly, but could/should the following parameter play a role?!:

# 23.)
# Allow same class routing per default?
# REQUIRES: FW_ROUTE
#
# Do you want to allow routing between interfaces of the same class
# (e.g. between all internet interfaces, or all internal network interfaces)
# by default (so without the need setting up FW_FORWARD definitions)?
#
# Choice: "yes" or "no", if not set defaults to "no"
#
FW_ALLOW_CLASS_ROUTING="no"



> -----Original Message-----
> From: Guido Tschakert [mailto:guido.tschakert@xxxxxxxxxxx] 
> Sent: Tuesday, September 09, 2003 8:58 AM
> To: Holger Schletz; suse-security@xxxxxxxx
> Subject: Re: [suse-security] Unwanted routing between subnets
> 
> 
> Holger Schletz wrote:
> > Hi,
> > 
> > I'm running a router on SuSE 8.2 which connects 2 local subnets to the
> > internet. The subnets run over the same NIC with virtual interfaces:
> > 
> > eth0, subnet 192.168.0.0/255.255.0.0 (call it subnet A)
> > eth0:1, subnet 172.16.0.0/255.255.0.0 (call it subnet B)
> > 
> > (Yes, this is a mess, but fixing up this naturally grown network topology
> > might induce even more trouble.)
> > 
> > eth1 connects to the internet.
> > 
> Hello, this box works as an internet gateway, so routing is activated.
> Since both subnets (192.168.. and 172.16..) are connected directly to
> the box, the router "knows" how to route between these subnets and does
> it ;-)
> (Have a look at route -n)
> I think the best (and easiest) way is to use the iptables rules as Bruno
> Leonhardt has written!
> 
> -- 
> With kind regards,
> 
> Guido Tschakert
> 
> ___________________________________________________________________
> SRC Security Research & Consulting GmbH
> Graurheindorfer Str. 149a                    Tel:  +49-228-2806-138
> 53117 Bonn                                   Mobil:+49-160-3671422
> http://www.src-gmbh.de                       Fax:  +49-228-2806-199
> 
> 
> -- 
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
> 
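
Added example, not part of the original thread and not the rules referred to above: a sketch of address-based FORWARD rules for the setup described in the quoted post. It assumes eth0 is the shared LAN interface and converts the two 255.255.0.0 networks to /16 notation; the function name isolation_rules is hypothetical. Because eth0:1 is only an address alias, packets from both subnets arrive on eth0, so the rules match on source and destination networks rather than on the alias name.

```sh
#!/bin/sh
# Added example (not from the thread): print iptables rules that stop the
# gateway from forwarding between internal subnets sharing one NIC.

# Assumptions taken from the quoted post: eth0 carries both subnets,
# eth0:1 is an alias on the same device, netmasks are 255.255.0.0 (/16).
LAN_IF="eth0"
SUBNETS="192.168.0.0/16 172.16.0.0/16"

# isolation_rules IFACE NET [NET...]
# Prints one DROP rule for every ordered pair of distinct networks.
# -I puts each rule at the top of FORWARD, so it is evaluated before
# ACCEPT rules that are already loaded. Traffic leaving via eth1 has a
# different output interface and is not matched.
isolation_rules() {
    lan_if=$1
    shift
    for src in "$@"; do
        for dst in "$@"; do
            if [ "$src" = "$dst" ]; then
                continue
            fi
            echo "iptables -I FORWARD -i $lan_if -o $lan_if -s $src -d $dst -j DROP"
        done
    done
}

# Dry run: only print the commands so they can be reviewed first.
# To load them, run this script as root and pipe its output to "sh -e".
# SUBNETS is left unquoted on purpose so it splits into separate arguments.
isolation_rules "$LAN_IF" $SUBNETS
```

These rules only cover packets the gateway forwards. Hosts on both subnets still share one layer-2 segment, so a host that configures an address in the other subnet can reach it without passing through the router.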

