  1. #1
    Just Joined!
    Join Date
    Nov 2012
    Posts
    1

    Masquerading working, but "Outside" network can still route inbound


    Hi, I am curious about a workshop/test setup I have here..

    I have a Linux box set up with two NICs -

    eth0 (WAN) - 10.65.12.1/24
    eth1 (LAN) - 192.168.3.1/24

    Default GW 10.65.12.254

    I've enabled kernel IP forwarding and configured masquerading on eth0 -

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    As expected, devices on 192.168.3.0 can access the Internet via masquerading on 10.65.12.1

    If a rogue device on the 10.65.12.0 segment (i.e. 10.65.12.33) sets a static route for 192.168.3.0 via 10.65.12.1... this device can route directly to LAN devices. Is this normal behavior? How could this be stopped?

    Cheers and thanks.

  2. #2
    Linux Newbie
    Join Date
    Nov 2009
    Posts
    231
    chubb.

    Well, you cannot given the setup you have configured. If you think about it, it's all working as it should be. The thing you need to address is what is the inbound traffic from 10.65.12.33? You probably need to configure a firewall against 10.65.12.0 restricting what connections you want to allow through it.
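
An added example, not part of either post: MASQUERADE in the nat table only rewrites the source address of packets leaving eth0 and filters nothing, so what may be forwarded is decided in the filter table's FORWARD chain, whose default policy is ACCEPT. One way to write the restriction the reply suggests, assuming the FORWARD chain is otherwise empty; the function name, the `IPT` dry-run variable and the log prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names are those in the
# original post; everything else here is an assumption for illustration.
WAN_IF=eth0   # 10.65.12.1/24
LAN_IF=eth1   # 192.168.3.1/24

# Dry run by default: the commands are printed, not executed.
# Run as root with IPT=iptables to apply them.
IPT=${IPT:-echo iptables}

forward_policy() {
    # 1. Replies to connections that LAN hosts opened are let back in.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
         -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 2. LAN hosts may open new connections out through the WAN side.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    # 3. Rate-limited log of WAN-to-LAN packets that matched neither rule,
    #    so a host that added a static route shows up in the kernel log.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
         -m limit --limit 5/min -j LOG --log-prefix "wan-to-lan-blocked: "
    # 4. Anything not accepted above is dropped. Set last so that existing
    #    LAN sessions are not cut while the rules are being added.
    $IPT -P FORWARD DROP
}

forward_policy
```

If IPv6 forwarding is also enabled on the box, the same rules are needed in ip6tables.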
