Hi,
I have a Gentoo box connected to 3 networks - eth0 (192.168.0.30) -> internet; bond0 (192.168.1.1) -> private subnet; eth3 (192.168.2.1) -> wifi/public subnet.
I have iptables running, and block traffic forwarding from each subnet to the others, i.e. the machine @ 192.168.1.130 can't ping the machine @ 192.168.2.87, or vice versa.
The issue that I am having is that from eth3, I can access services that are bound to the other 2 interfaces (eth0 and bond0) on the SERVER, which I do NOT want (http, ssh, smb).
i.e. from a laptop on the wifi (eth3), I can ping/access eth0 (192.168.0.30) and bond0 (192.168.1.1) and their services.
I can verify that the same is the case from the bond0 subnet as well: I can ping/access each of the other interfaces (eth0, eth3).
I want to compartmentalize them so that this doesn't happen. I have a suspicion that it has to do with loopback, but I don't know.
Any ideas?
TIA,
-Ryan
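Added example (not from the original thread, and not the poster's own rules): a rule generator for the situation described above. Linux accepts a packet for any of its local addresses on whichever interface it arrives, so a packet entering eth3 addressed to 192.168.0.30 still reaches the local http/ssh/smb daemons; the INPUT rules below drop exactly those cross-interface packets. The interface/address pairs come from the post; everything else is an assumption.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Interface/address pairs are
# those from the post; everything else is an assumption about the setup.
#
# Linux answers for any of its local addresses on any interface, so a packet
# that arrives on eth3 addressed to 192.168.0.30 is handed to the local
# http/ssh/smb daemons. These INPUT rules drop packets that arrive on one
# interface but are addressed to another interface's IP. Loopback is
# untouched: the server's own connections to its services arrive on lo,
# not on eth0/bond0/eth3, so they are still accepted.

IFACES="eth0:192.168.0.30 bond0:192.168.1.1 eth3:192.168.2.1"

# Print the iptables commands instead of running them, so the rule set can be
# reviewed first. No root is needed to generate; run the output as root to apply.
gen_rules() {
  for pair in $IFACES; do
    iface=${pair%%:*}
    for other in $IFACES; do
      if [ "$other" = "$pair" ]; then
        continue   # an interface may still be reached on its own address
      fi
      # -I puts the rule at the top, ahead of any existing broad ACCEPT on this interface
      printf 'iptables -I INPUT -i %s -d %s -j DROP\n' "$iface" "${other#*:}"
    done
  done
}

# Number of DROP rules produced (3 interfaces x 2 foreign addresses = 6)
count_rules() {
  gen_rules | grep -c -- '-j DROP'
}

gen_rules
```

Apply with `gen_rules | sudo sh` and confirm with `iptables -L INPUT -v -n`; the packet counters on the DROP lines should climb when the wifi laptop tries 192.168.0.30 or 192.168.1.1 again.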