Masquerading working, but "Outside" network can still route inbound
Hi, I am curious about a workshop/test setup I have here.
I have a Linux box set up with two NICs -
eth0 (WAN) - 10.65.12.1/24
eth1 (LAN) - 192.168.3.1/24
Default GW 10.65.12.254
I've enabled kernel IP forwarding and configured masquerading on eth0 -
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
As expected, devices on 192.168.3.0 can access the Internet via masquerading on 10.65.12.1
If a rogue device on the 10.65.12.0 segment (i.e. 10.65.12.33) sets a static route for 192.168.3.0 via 10.65.12.1... this device can route directly to LAN devices. Is this normal behavior? How could this be stopped?
Cheers and thanks.
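
Added example, not part of the original post: MASQUERADE only rewrites the source address of packets leaving eth0 and does no filtering, so whether routed traffic from eth0 reaches eth1 is decided by the filter table's FORWARD chain. The sketch below restricts forwarding to LAN-initiated flows and their replies. The interface names come from the post; the `run` and `harden_forward` helpers and the `APPLY` switch are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example: stateful FORWARD filtering for the two-NIC box in the post.
# eth0/eth1 are taken from the post; helper names and APPLY are assumptions.
WAN_IF="${WAN_IF:-eth0}"   # outside segment, 10.65.12.0/24
LAN_IF="${LAN_IF:-eth1}"   # inside segment, 192.168.3.0/24

# Dry run by default: print each command. APPLY=1 (as root) executes it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

harden_forward() {
    # Drop packets that conntrack cannot associate with any known flow.
    run iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
    # LAN hosts may open new connections towards the WAN side.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    # WAN -> LAN is accepted only as reply traffic for those connections.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Policy goes last so existing flows are not cut while rules are added.
    # A new connection from 10.65.12.33 to 192.168.3.x now matches nothing
    # above and is dropped here, static route or not.
    run iptables -P FORWARD DROP
}

# These rules cover forwarded traffic only. Services on the box itself
# (e.g. 192.168.3.1) are reached through the INPUT chain, which is separate.
harden_forward
```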