
Re: two ethernet without routing

On Wed, 2002-03-13 at 11:27, jsalord@publicom1010.com wrote:
> There has to be some kind of routing now because I can connect to my Apache
> by typing the two IPs even though I've just one cable connected to eth0.

You have to explicitly block and log spoof attempts. For example, if
you have eth0 on and eth1 on

/sbin/iptables -A INPUT -i eth1 -s -j LOG
/sbin/iptables -A INPUT -i eth1 -s -j DROP
/sbin/iptables -A INPUT -i eth0 -s -j LOG
/sbin/iptables -A INPUT -i eth0 -s -j DROP

This way packets will only be accepted if they come in through the
"right" interface, and you will be alerted if some don't.
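
The per-interface LOG/DROP pairs from the message above, as an added example that is not part of the original post: a shell function that prints (without running) the rule pairs for any number of interfaces, which goes beyond the two-interface case in the message. It assumes each elided `-s` argument was the network of the other interface; the function name `gen_antispoof`, the networks (RFC 5737 documentation ranges), the rate limit and the log prefix are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints anti-spoof rules for a multi-homed host.
# Nothing is applied; review the output, then pipe it to "sh" as root.

# gen_antispoof IFACE=NETWORK [IFACE=NETWORK ...]
# For each interface, emit a LOG rule and a DROP rule for packets that
# arrive on it with a source address from another interface's network
# (assumption: this is what the elided -s arguments expressed).
gen_antispoof() {
    local pair other in_if src_net

    # Validate every argument first so a typo never yields a partial rule set.
    for pair in "$@"; do
        case $pair in
            ?*=?*) ;;
            *) echo "bad argument: $pair (want iface=network)" >&2
               return 1 ;;
        esac
    done

    for pair in "$@"; do
        in_if=${pair%%=*}
        for other in "$@"; do
            [ "$other" = "$pair" ] && continue
            src_net=${other#*=}
            # LOG comes before DROP: DROP ends rule traversal, LOG does not.
            # The limit match keeps a flood of spoofed packets from filling the logs.
            printf '/sbin/iptables -A INPUT -i %s -s %s -m limit --limit 5/min -j LOG --log-prefix "spoof-%s: "\n' \
                "$in_if" "$src_net" "$in_if"
            printf '/sbin/iptables -A INPUT -i %s -s %s -j DROP\n' \
                "$in_if" "$src_net"
        done
    done
}

# Constructed sample input: two interfaces on documentation networks.
gen_antispoof eth0=192.0.2.0/24 eth1=198.51.100.0/24
```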
