- 11-22-2012 #1
- Join Date
- Nov 2012
Masquerading working, but "Outside" network can still route inbound
Hi, I am curious about a workshop/test setup I have here..
I have a Linux box set up with two NICs -
eth0 (WAN) - 10.65.12.1/24
eth1 (LAN) - 192.168.3.1/24
Default GW 10.65.12.254
I've enabled kernel IP forwarding and configured masquerading on eth0 -
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
As expected, devices on 192.168.3.0 can access the Internet via masquerading on 10.65.12.1
If a rogue device on the 10.65.12.0 segment (i.e. 10.65.12.33) sets a static route for 192.168.3.0 via 10.65.12.1... this device can route directly to LAN devices. Is this normal behavior? How could this be stopped?
Cheers and thanks.
- 11-23-2012 #2
- Join Date
- Nov 2009
Well, you cannot given the setup you have configured. If you think about it, it's all working as it should be. The thing you need to address is what is the inbound traffic from 10.65.12.33? You probably need to configure a firewall against 10.65.12.0 restricting what connections you want to allow through it.
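One way to build the firewall suggested in the reply above, as an added example that is not part of the original thread: MASQUERADE only rewrites source addresses on the way out, so filtering has to happen in the FORWARD chain. The interface names and LAN subnet come from the first post; the `ipt` wrapper and `DRY_RUN` switch are hypothetical helpers so the rules can be reviewed before they are applied.

```shell
#!/bin/sh
# Added example: stateful FORWARD policy for the two-NIC box in the thread.
# Interface names and subnet are from the first post; ipt/DRY_RUN are
# hypothetical helpers, not part of iptables.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.3.0/24}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = apply them (needs root)

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_forward_policy() {
    # Forward nothing unless a rule below allows it.
    ipt -P FORWARD DROP
    # Start from an empty chain (assumes nothing else manages FORWARD here).
    ipt -F FORWARD
    # WAN -> LAN: only replies to connections the LAN side opened.
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # LAN -> WAN: new outbound connections from the LAN subnet.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # WAN hosts that route at the LAN directly (the 10.65.12.33 case):
    # log at a limited rate, then drop explicitly.
    ipt -A FORWARD -i "$WAN_IF" -d "$LAN_NET" \
        -m limit --limit 5/min -j LOG --log-prefix "WAN-to-LAN drop: "
    ipt -A FORWARD -i "$WAN_IF" -d "$LAN_NET" -j DROP
}

# The existing nat POSTROUTING MASQUERADE rule is left untouched.
apply_forward_policy
```

Run it once with the default `DRY_RUN=1` to review the commands, then with `DRY_RUN=0` as root to apply them.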