Hello, I don't know exactly, but could/should the following parameter play a role?!:

    # 23.)
    # Allow same class routing per default?
    # REQUIRES: FW_ROUTE
    #
    # Do you want to allow routing between interfaces of the same class
    # (e.g. between all internet interfaces, or all internal network interfaces)
    # be default (so without the need setting up FW_FORWARD definitions)?
    #
    # Choice: "yes" or "no", if not set defaults to "no"
    #
    FW_ALLOW_CLASS_ROUTING="no"
-----Original Message-----
From: Guido Tschakert [mailto:guido.tschakert@src-gmbh.de]
Sent: Tuesday, September 09, 2003 8:58 AM
To: Holger Schletz; suse-security@suse.com
Subject: Re: [suse-security] Unwanted routing between subnets
Holger Schletz wrote:
Hi,
I'm running a router on SuSE 8.2 which connects 2 local subnets to the internet. The subnets run over the same NIC with virtual interfaces:
eth0, subnet 192.168.0.0/255.255.0.0 (call it subnet A)
eth0:1, subnet 172.16.0.0/255.255.0.0 (call it subnet B)
(Yes, this is a mess, but fixing up this naturally grown network topology might induce even more trouble.)
eth1 connects to the internet.
Hello, this box works as an internet gateway, so routing is activated. Since both subnets (192.168.. and 172.16..) are connected directly to the box, the router "knows" how to route between these subnets and does it ;-) (Have a look at route -n.) I think the best (and easiest) way is to use the iptables rules as Bruno Leonhardt has written!
-- With kind regards,
Guido Tschakert
___________________________________________________________________
SRC Security Research & Consulting GmbH
Graurheindorfer Str. 149a, 53117 Bonn
Tel: +49-228-2806-138
Mobile: +49-160-3671422
Fax: +49-228-2806-199
http://www.src-gmbh.de
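Added example, not part of the original thread and not the rules Bruno Leonhardt posted (those are not reproduced here): one way to block forwarding between the two subnets from the original post. The helper name `isolation_rules` is hypothetical; it assumes inter-subnet packets both enter and leave on eth0, because alias names such as eth0:1 are only address labels and iptables matches on the real device.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands that stop the
# gateway from forwarding between subnets that share one physical NIC.
# netfilter sees every packet on the real device (eth0), never on the alias
# label (eth0:1), so the rules have to match on the subnets themselves.

# isolation_rules IFACE SUBNET...   (hypothetical helper name)
# Emits one DROP rule per ordered subnet pair, limited to traffic that both
# enters and leaves via IFACE, so forwarding to the internet side (eth1 in
# the original post) is not affected.
isolation_rules() {
    iface=$1
    shift
    for src in "$@"; do
        for dst in "$@"; do
            if [ "$src" = "$dst" ]; then
                continue
            fi
            # -I inserts at the top of FORWARD so the drop is evaluated
            # before any accept rules already present in the chain.
            printf 'iptables -I FORWARD -i %s -o %s -s %s -d %s -j DROP\n' \
                "$iface" "$iface" "$src" "$dst"
        done
    done
}

# Dry run with the interface and subnets from the original post
# (netmask 255.255.0.0 written as /16).
isolation_rules eth0 192.168.0.0/16 172.16.0.0/16
```

The script only prints the commands; review them and run them as root to apply.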