Mailinglist Archive: opensuse-security (334 mails)

Unwanted routing between subnets
  • From: Holger Schletz <h.schletz@xxxxxxxxx>
  • Date: Mon, 8 Sep 2003 18:41:14 +0200
  • Message-id: <200309081841.14257.h.schletz@xxxxxxxxx>
Hi,

I'm running a router on SuSE 8.2 which connects 2 local subnets to the
internet. The subnets run over the same NIC with virtual interfaces:

eth0, subnet 192.168.0.0/255.255.0.0 (call it subnet A)
eth0:1, subnet 172.16.0.0/255.255.0.0 (call it subnet B)

(Yes, this is a mess, but fixing up this naturally grown network topology
might induce even more trouble.)

eth1 connects to the internet.

The setup works; both subnets have internet access. However, subnet A is still
accessible from subnet B and vice versa. This is not what I want; instead I
want the two subnets to be invisible to each other.
There is no route from A to B or from B to A specified in the
/etc/sysconfig/network directory (is there another place to look at?). Maybe
this problem comes from the virtual interface stuff?

I tried to set up routing rules with the "unreachable", "prohibit" or
"blackhole" option, but I didn't find useful documentation on usage of these
options and it did not work as expected. I also tried some custom rules for
SuSEfirewall2, but no success either.

So what routing options and/or iptables rules do I have to use?

Thanks,
Holger


