[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [suse-security] Unwanted routing between subnets
I don't know exactly but could/should following parameter play a role?!:
# Allow same class routing per default?
# REQUIRES: FW_ROUTE
# Do you want to allow routing between interfaces of the same class
# (e.g. between all internet interfaces, or all internal network
# be default (so without the need setting up FW_FORWARD definitions)?
# Choice: "yes" or "no", if not set defaults to "no"
> -----Original Message-----
> From: Guido Tschakert [mailto:guido.tschakert@xxxxxxxxxxx]
> Sent: Tuesday, September 09, 2003 8:58 AM
> To: Holger Schletz; suse-security@xxxxxxxx
> Subject: Re: [suse-security] Unwanted routing between subnets
> Holger Schletz wrote:
> > Hi,
> > I'm running a router on SuSE 8.2 which connects 2 local
> subnets to the
> > internet. The subnets run over the same NIC with virtual interfaces:
> > eth0, subnet 192.168.0.0/255.255.0.0 (call it subnet A)
> > eth0:1, subnet 172.16.0.0/255.255.0.0 (call it subnet B)
> > (Yes, this is a mess, but fixing up this naturally grown
> network topology
> > might induce even more trouble.)
> > eth1 connects to the internet.
> Hello this box works at internetgateway, so routing is activated.
> Since both subnets (192.168.. and 172.16..) are connected directly to
> the box, the router "knows" how to route between these
> subnets and does
> it ;-)
> (Have a look at route -n)
> I think the best (and easiest) way is to use the
> iptables-Rules as Bruno
> Leonhardt has written!
> mit freundlichen Grüßen,
> Guido Tschakert
> SRC Security Research & Consulting GmbH
> Graurheindorfer Str. 149a Tel: +49-228-2806-138
> 53117 Bonn Mobil:+49-160-3671422
> http://www.src-gmbh.de Fax: +49-228-2806-199
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here