|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: [suse-security] Unwanted routing between subnets
From: Mario Neubert (mario_neubert
gmx.de)
Date: Tue Sep 09 2003 - 10:05:39 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello,
I don't know exactly but could/should following parameter play a role?!:
# 23.)
# Allow same class routing per default?
# REQUIRES: FW_ROUTE
#
# Do you want to allow routing between interfaces of the same class
# (e.g. between all internet interfaces, or all internal network
interfaces)
# be default (so without the need setting up FW_FORWARD definitions)?
#
# Choice: "yes" or "no", if not set defaults to "no"
#
FW_ALLOW_CLASS_ROUTING="no"
> -----Original Message-----
> From: Guido Tschakert [mailto:guido.tschakertsrc-gmbh.de]
> Sent: Tuesday, September 09, 2003 8:58 AM
> To: Holger Schletz; suse-securitysuse.com
> Subject: Re: [suse-security] Unwanted routing between subnets
>
>
> Holger Schletz wrote:
> > Hi,
> >
> > I'm running a router on SuSE 8.2 which connects 2 local
> subnets to the
> > internet. The subnets run over the same NIC with virtual interfaces:
> >
> > eth0, subnet 192.168.0.0/255.255.0.0 (call it subnet A)
> > eth0:1, subnet 172.16.0.0/255.255.0.0 (call it subnet B)
> >
> > (Yes, this is a mess, but fixing up this naturally grown
> network topology
> > might induce even more trouble.)
> >
> > eth1 connects to the internet.
> >
> Hello this box works at internetgateway, so routing is activated.
> Since both subnets (192.168.. and 172.16..) are connected directly to
> the box, the router "knows" how to route between these
> subnets and does
> it ;-)
> (Have a look at route -n)
> I think the best (and easiest) way is to use the
> iptables-Rules as Bruno
> Leonhardt has written!
>
> --
> mit freundlichen Grüßen,
>
> Guido Tschakert
>
> ___________________________________________________________________
> SRC Security Research & Consulting GmbH
> Graurheindorfer Str. 149a Tel: +49-228-2806-138
> 53117 Bonn Mobil:+49-160-3671422
> http://www.src-gmbh.de Fax: +49-228-2806-199
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-helpsuse.com
> Security-related bug reports go to securitysuse.de, not here
>
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]