Mailinglist Archive: opensuse-security (334 mails)

Re: Re: [suse-security] Unwanted routing between subnets
  • From: BLeonhardt@xxxxxxxxxxx
  • Date: Tue, 9 Sep 2003 08:40:47 +0200
  • Message-id: <OF609C23F9.73D217F4-ONC1256D9C.00247E3A-C1256D9C.0023B6D1@xxxxxxxxxxx>
Hi,

a rule like

iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -d 172.16.0.0/16 -j DROP
iptables -A FORWARD -i eth0 -s 172.16.0.0/16 -d 192.168.0.0/16 -j DROP

wouldn't work?

Best regards
Bruno Leonhardt

LPI Level 1 Certified
Watchguard Certified System Professional
CLP Domino R5 Systemadministrator


Markus Gaugusch <markus@xxxxxxxxxxx> wrote on 08.09.2003 19:37:33:

> On Sep 8, Arjen de Korte <suse-security@xxxxxxxxxxxxxxxxx> wrote:
>
> > On Monday 08 September 2003 18:41, Holger Schletz wrote:
> >
> > > The setup works; both subnets have internet access. However, subnet A is
> > > still accessible from subnet B and vice versa. This is not what I want;
> > > instead I want the two subnets to be invisible to each other.
> >
> > Since both networks are on the same physical network and therefore traffic
> > doesn't need to pass your router to cross from one to the other, this may be
> > impossible.
> Although it is impossible to prevent that physical traffic can be seen, it
> is still the fault of the router that clients can reach the other subnet
> (except if each client has its own routing table entry to reach the other
> subnet). I'm no firewall2 expert, but I wanted to clarify this.
>
> Markus
>
> --
> __________________           /"\
> Markus Gaugusch              \ /    ASCII Ribbon Campaign
> markus@xxxxxxxxxxx            X     Against HTML Mail
>                              / \
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
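
Added example (not part of the original thread): a simplified first-match model of the FORWARD chain, showing that the two DROP rules from the message only take effect if no earlier rule already accepts the packet. The existing ACCEPT rule, the sample packets and all function names are constructed assumptions; only the interface and subnets come from the message.

```python
import ipaddress

# Simplified model of the iptables FORWARD chain: the first matching rule wins.
# A rule is (in_iface, src_net, dst_net, target); None means "any".
A = "192.168.0.0/16"   # subnet A, from the rules in the message
B = "172.16.0.0/16"    # subnet B, from the rules in the message

def rule(iface, src, dst, target):
    net = lambda n: ipaddress.ip_network(n) if n else None
    return (iface, net(src), net(dst), target)

ISOLATE = [rule("eth0", A, B, "DROP"), rule("eth0", B, A, "DROP")]
# Constructed assumption: the firewall script already accepts all traffic from eth0.
EXISTING = [rule("eth0", None, None, "ACCEPT")]

def verdict(chain, iface, src, dst, policy="DROP"):
    """Return the target of the first rule matching a forwarded packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r_if, r_src, r_dst, target in chain:
        if r_if is not None and r_if != iface:
            continue
        if r_src is not None and s not in r_src:
            continue
        if r_dst is not None and d not in r_dst:
            continue
        return target
    return policy  # no rule matched: chain policy applies

appended = EXISTING + ISOLATE   # result of `iptables -A FORWARD ...` (added at the end)
inserted = ISOLATE + EXISTING   # result of `iptables -I FORWARD ...` (added at the top)

# Constructed sample packets: (in_iface, src, dst)
PACKETS = {
    "A to B": ("eth0", "192.168.1.10", "172.16.5.20"),
    "B to A": ("eth0", "172.16.5.20", "192.168.1.10"),
    "A to internet": ("eth0", "192.168.1.10", "198.51.100.7"),
}

def evaluate(chain):
    return {name: verdict(chain, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, chain in (("appended", appended), ("inserted", inserted)):
        print(label, evaluate(chain))
```

The model covers only packets that the router actually forwards. Hosts that reach the other subnet directly over the shared wire, as described in the quoted messages, never traverse the FORWARD chain.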

