[TriLUG] Firewall continue.....

Josh Blomberg josh at ao.net
Mon Apr 1 11:33:06 EST 2002


Not sure exactly what's specified by your antispoofing rule, but
maybe packets are getting dropped since their source address isn't
on the same subnet as the interface they're coming in off of?

-josh

On Mon, 1 Apr 2002 twyche at vdsinc.com wrote:

> 
> Refresher:
> 
> I have 3 NICs, one for the internal network, one for the DMZ, and one
> for the outside interface.  I'm setting this up behind the router which is
> provided by our ISP, as an extra level of security.
> 
> Now, the Linux firewall we are building doesn't have to do any NAT /
> masquerading, etc.  The router provided by
> the ISP does that part.  All it has to do is route packets to the correct
> interface (DMZ or internal) and do some packet
> filtering.
> 
> Problem:
> 
> Each NIC is now on a different subnet (eth0 10.0.0.x, eth1 10.0.1.x, eth2
> 10.0.2.x).
> The problem I have now is that packets coming in get dropped by the ANTI-SPOOFING rule.
> 
> Should I be trying to turn the ANTI-SPOOFING rule off, or something
> different altogether?
> 
> _______________________________________________
> TriLUG mailing list
>     http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
>     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
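
The guess in the reply above, worked through as an added example that is not part of the original thread: a rule that demands a same-subnet source on every NIC, next to one that only rejects sources belonging behind a different NIC. The subnets are the ones from the post; which NIC faces which network, the function names and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Subnets from the post; the role of each NIC is an assumption.
IFACE_NET = {
    "eth0": ipaddress.ip_network("10.0.0.0/24"),  # assumed: outside, toward ISP router
    "eth1": ipaddress.ip_network("10.0.1.0/24"),  # assumed: DMZ
    "eth2": ipaddress.ip_network("10.0.2.0/24"),  # assumed: internal
}
OUTSIDE = "eth0"


def strict_rule(iface, src):
    """Source must be on the ingress NIC's own subnet (the suspected culprit)."""
    return ipaddress.ip_address(src) in IFACE_NET[iface]


def routed_rule(iface, src):
    """Anti-spoofing that still admits routed traffic on the outside NIC."""
    addr = ipaddress.ip_address(src)
    if iface != OUTSIDE:
        # DMZ and internal NICs only have directly attached hosts.
        return addr in IFACE_NET[iface]
    # Outside NIC: any source is plausible except one that claims to be
    # from a subnet that lives behind a different NIC.
    return not any(addr in net for name, net in IFACE_NET.items() if name != OUTSIDE)


def evaluate(rule, packets):
    """Return (iface, src, verdict) for each packet under the given rule."""
    return [(i, s, "ACCEPT" if rule(i, s) else "DROP") for i, s in packets]


# Constructed sample packets: (ingress interface, source address).
PACKETS = [
    ("eth0", "198.51.100.7"),  # Internet host, forwarded by the ISP router
    ("eth0", "10.0.0.1"),      # the ISP router itself
    ("eth0", "10.0.2.15"),     # internal address arriving from outside: spoofed
    ("eth1", "10.0.1.20"),     # DMZ server
    ("eth2", "10.0.2.15"),     # internal workstation
    ("eth2", "10.0.1.20"),     # DMZ address arriving on the internal NIC: spoofed
]

if __name__ == "__main__":
    for name, rule in (("strict", strict_rule), ("routed", routed_rule)):
        print(name)
        for iface, src, verdict in evaluate(rule, PACKETS):
            print(f"  {iface} {src:<14} {verdict}")
```

Both rules drop the two spoofed packets; only the strict one also drops the legitimate Internet source arriving on the outside NIC.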



