Re: two ethernet without routing

To: debian-isp@lists.debian.org
Subject: Re: two ethernet without routing
From: "Jean-Marc V. Liotier" <jim@jipo.com>
Date: 13 Mar 2002 12:27:14 +0100
Message-id: <[🔎] 1016018834.672.21.camel@Lukeme>
In-reply-to: <[🔎] 002001c1ca79$afb01290$2101a8c0@pentiumiv>
References: <[🔎] 002001c1ca79$afb01290$2101a8c0@pentiumiv>

On Wed, 2002-03-13 at 11:27, jsalord@publicom1010.com wrote:
> 
> There have to be some kind of routing now because I can connect to my apache
> typing the two IPs even I've just one cable connected to eth0.

You have to explicitely block and log spoof attempts. For example, if
you have eth0 on 192.168.0.0/24 and eth1 on 192.168.1.0/24

/sbin/iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j LOG
/sbin/iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j DROP
/sbin/iptables -A INPUT -i eth0 -s 192.168.1.0/24 -j LOG
/sbin/iptables -A INPUT -i eth0 -s 192.168.1.0/24 -j DROP

This way packets will only be accepted if they come in through the
"right" interface, and you will be alerted if some don't.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Re: two ethernet without routing
  - From: "Jean-Marc V. Liotier" <jim@jipo.com>

References:
- two ethernet without routing
  - From: <jsalord@publicom1010.com>

Prev by Date: Re: two ethernet without routing
Next by Date: Re: two ethernet without routing
Previous by thread: Re: two ethernet without routing
Next by thread: Re: two ethernet without routing
Index(es):
- Date
- Thread