anonybosh Guru
Joined: 20 Nov 2005 Posts: 324
Posted: Sun Aug 08, 2010 11:32 pm Post subject: Routing issue? [SOLVED]
Hi,
I have a gentoo box connected to 3 networks - eth0 (192.168.0.30) -> internet; bond0 (192.168.1.1) -> private subnet; eth3 (192.168.2.1) -> wifi/public subnet.
I have iptables running, and block the traffic forwarding from each subnet to the others, i.e. the machine @ 192.168.1.130 can't ping the machine @ 192.168.2.87, or vice versa.
The issue that I am having is that from eth3, I can access services that are bound to the other 2 interfaces (eth0 and bond0) on the SERVER, which I do NOT want (http, ssh, smb).
i.e. From a laptop on the wifi from eth3, I can ping/access eth0 (192.168.0.30) and bond0 (192.168.1.1) and their services.
I can verify that the same is the case from the bond0 subnet as well-- I can ping/access each of the other interfaces (eth0, eth3).
I want to compartmentalize them so that this doesn't happen. I have a suspicion that it has to do with loopback, but I don't know.
Any ideas?
TIA,
-Ryan
Last edited by anonybosh on Sun Aug 08, 2010 11:57 pm; edited 1 time in total
Hu Administrator
Joined: 06 Mar 2007 Posts: 23082
Posted: Sun Aug 08, 2010 11:44 pm
You could add iptables rules in the filter table INPUT chain to drop traffic entering on eth0 not destined for the eth0 IP address, entering on bond0 not destined for the bond0 IP address, etc.
anonybosh Guru
Joined: 20 Nov 2005 Posts: 324
Posted: Sun Aug 08, 2010 11:56 pm
So that seems to work!
Code:
iptables -A INPUT -i bond0 -d 192.168.2.0/24 -j DROP
Thank you much!
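Hu's interface-address rule, generalized to all three interfaces from the first post, as an added example (not code from the thread): one rule per interface drops anything that arrives on it but is not addressed to that interface's own IP, so a wifi client cannot reach the eth0 or bond0 services through the box. The interface/address map is taken from the original post; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: build the INPUT-chain isolation rules
# that Hu described. Interface -> address pairs are the ones in the first post.
IFACE_MAP="eth0:192.168.0.30 bond0:192.168.1.1 eth3:192.168.2.1"

# Emit the rule for one interface and the address bound to it:
# drop any packet entering on $1 whose destination is not $2.
rule_for() {
    printf 'iptables -A INPUT -i %s ! -d %s -j DROP\n' "$1" "$2"
}

# Emit the full rule set for IFACE_MAP, one line per interface.
# Loopback is untouched because "lo" is not in the map.
gen_rules() {
    for pair in $IFACE_MAP; do
        rule_for "${pair%%:*}" "${pair#*:}"
    done
}

# Apply the generated rules (needs root). Review with "gen_rules" first;
# these must sit before any broad ACCEPT in INPUT or they never match.
apply_rules() {
    gen_rules | sh -e
}
```

Because the rules match on destination, they also drop broadcast-addressed traffic on those interfaces (for example DHCP requests), so any such service the box provides needs an explicit ACCEPT placed ahead of them.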