
Re: Blocking direct private IP address

To: Andrew Kraslavsky <andykras@hotmail.com>
Subject: Re: Blocking direct private IP address
From: Jan Engelhardt <jengelh@linux01.gwdg.de>
Date: Thu, 1 Mar 2007 00:35:14 +0100 (MET)
Cc: netfilter@lists.netfilter.org
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
In-reply-to: <BAY119-F18E57FAE6C344557F46010D6810@phx.gbl>
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
References: <BAY119-F18E57FAE6C344557F46010D6810@phx.gbl>
Sender: netfilter-bounces@lists.netfilter.org
On Feb 28 2007 15:20, Andrew Kraslavsky wrote:
>
> If I set up a host on the external/public network with a static route that
> causes it to send traffic addressed to 192.168.0.0/24 to the 10.0.0.1
> external/public IP address of the firewall/router and then attempt to access
> the Web server using 192.168.0.99 as the address, these directly addressed
> packets get through the firewall.

I did not find the question in your mail, but:

Activate "rp_filter", and any host on 10.0.0.0/24 that uses a
non-10.0.0.0/24 address as source will be ignored.


Jan
-- 
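As an added example (not part of Jan's mail or of the netfilter project itself), here is a small Python model of what strict rp_filter checks, placed next to the destination-based rule that covers the case Andrew describes, where the source address is a legitimate external one and only the destination is the private range. The routing table, the interface names eth0 (external) and eth1 (internal), and the sample packets are assumptions constructed for the demonstration; the sysctl and iptables commands emitted by firewall_commands() are the real configuration the model stands for.

```python
import ipaddress

# Constructed routing table for the firewall in the thread (an assumption):
# eth0 faces the external 10.0.0.0/24 network, eth1 the internal 192.168.0.0/24.
ROUTES = [
    (ipaddress.ip_network("10.0.0.0/24"), "eth0"),
    (ipaddress.ip_network("192.168.0.0/24"), "eth1"),
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),   # default route out the external side
]
EXTERNAL_IFACE = "eth0"
PRIVATE_NET = ipaddress.ip_network("192.168.0.0/24")


def route_lookup(addr):
    """Longest-prefix match over ROUTES; returns the egress interface for addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, iface in ROUTES:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def passes_rp_filter(ingress, src):
    """Strict reverse-path check (net.ipv4.conf.*.rp_filter=1): the packet is
    kept only if a reply to src would leave through the interface it came in on.
    This is the kernel's FIB source validation; it looks at the source address
    only, never at the destination."""
    return route_lookup(src) == ingress


def hits_external_to_private_rule(ingress, dst):
    """Model of the raw-table rule emitted below: drop anything that arrives on
    the external interface already addressed to the internal private range."""
    return ingress == EXTERNAL_IFACE and ipaddress.ip_address(dst) in PRIVATE_NET


def decide(ingress, src, dst):
    """Verdict for one packet, in the order the kernel applies the checks:
    the raw PREROUTING hook runs before the routing decision, and the routing
    decision is where rp_filter is evaluated."""
    if hits_external_to_private_rule(ingress, dst):
        return "DROP:external-to-private"
    if not passes_rp_filter(ingress, src):
        return "DROP:rp_filter"
    return "ACCEPT"


def firewall_commands(external_iface=EXTERNAL_IFACE, private_net=PRIVATE_NET):
    """The real configuration this model corresponds to, as a list of commands.
    Both conf.all and the per-interface key are set so the setting takes effect
    regardless of how the running kernel combines the two."""
    return [
        "sysctl -w net.ipv4.conf.all.rp_filter=1",
        f"sysctl -w net.ipv4.conf.{external_iface}.rp_filter=1",
        # The raw table is traversed before nat PREROUTING, so this matches only
        # packets that were sent to the private range directly, not traffic that
        # a DNAT rule on the firewall rewrites to an internal address afterwards.
        f"iptables -t raw -A PREROUTING -i {external_iface} -d {private_net} -j DROP",
    ]


if __name__ == "__main__":
    # Constructed sample packets: (ingress interface, source, destination).
    samples = [
        ("eth0", "10.0.0.50", "192.168.0.99"),   # the poster's case: routed straight at the private address
        ("eth0", "192.168.0.5", "10.0.0.1"),     # source claims to be internal but arrives externally
        ("eth0", "10.0.0.50", "10.0.0.1"),       # ordinary traffic to the firewall's public address
        ("eth1", "192.168.0.99", "10.0.0.50"),   # web server replying outward
        ("eth1", "10.0.0.50", "192.168.0.99"),   # external source address appearing on the internal side
    ]
    for pkt in samples:
        print(f"{pkt[0]} {pkt[1]:>14} -> {pkt[2]:<14} {decide(*pkt)}")
    print("\n".join(firewall_commands()))
```

Running the script shows the two checks catching different things: rp_filter drops packets whose source does not route back out the ingress interface, while a packet from a genuine 10.0.0.0/24 source aimed at 192.168.0.99 passes rp_filter and is caught only by the destination rule. Strict rp_filter also drops legitimate traffic on hosts with asymmetric routing, so check the routing table on both interfaces before enabling it.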

