Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
RE: [suse-security] Unwanted routing between subnets
  • From: "Mario Neubert" <mario_neubert@xxxxxx>
  • Date: Tue, 9 Sep 2003 17:05:39 +0200
  • Message-id: <000c01c376e3$d6330ef0$0201a8c0@xxxxxxxxxx>
Hello,

I don't know exactly but could/should following parameter play a role?!:

# 23.)
# Allow same class routing per default?
# REQUIRES: FW_ROUTE
#
# Do you want to allow routing between interfaces of the same class
# (e.g. between all internet interfaces, or all internal network
interfaces)
# be default (so without the need setting up FW_FORWARD definitions)?
#
# Choice: "yes" or "no", if not set defaults to "no"
#
FW_ALLOW_CLASS_ROUTING="no"



> -----Original Message-----
> From: Guido Tschakert [mailto:guido.tschakert@xxxxxxxxxxx]
> Sent: Tuesday, September 09, 2003 8:58 AM
> To: Holger Schletz; suse-security@xxxxxxxx
> Subject: Re: [suse-security] Unwanted routing between subnets
>
>
> Holger Schletz wrote:
> > Hi,
> >
> > I'm running a router on SuSE 8.2 which connects 2 local
> subnets to the
> > internet. The subnets run over the same NIC with virtual interfaces:
> >
> > eth0, subnet 192.168.0.0/255.255.0.0 (call it subnet A)
> > eth0:1, subnet 172.16.0.0/255.255.0.0 (call it subnet B)
> >
> > (Yes, this is a mess, but fixing up this naturally grown
> network topology
> > might induce even more trouble.)
> >
> > eth1 connects to the internet.
> >
> Hello this box works at internetgateway, so routing is activated.
> Since both subnets (192.168.. and 172.16..) are connected directly to
> the box, the router "knows" how to route between these
> subnets and does
> it ;-)
> (Have a look at route -n)
> I think the best (and easiest) way is to use the
> iptables-Rules as Bruno
> Leonhardt has written!
>
> --
> mit freundlichen Grüßen,
>
> Guido Tschakert
>
> ___________________________________________________________________
> SRC Security Research & Consulting GmbH
> Graurheindorfer Str. 149a Tel: +49-228-2806-138
> 53117 Bonn Mobil:+49-160-3671422
> http://www.src-gmbh.de Fax: +49-228-2806-199
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>


< Previous Next >
Follow Ups
References