> Our problem is that we can see 192.168.1.1 from the departmental
> network.
You can reach a machine on the 192.168.1.0 network, you're saying? Sounds
like the router is incorrectly configured, unless it's done intentionally.
These addresses are never supposed to be routed.
> routed is not running and IP forwarding is off.
>
> Any help on keeping the 192.168. network "private" greatly
> appreciated.
Re-enable IP forwarding and use ipfwadm to restrict access. You're
basically building a firewall at this point. Do you simply want to
prevent telnet access to the network, or secure the 192.168. network and
the data behind it?
# Clear any old rules first
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -F -f
# The next two commands help to prevent IP spoofing
# Deny all internal addresses from external interface
ipfwadm -I -a d -P all -S 192.168.1.0/24 -D 0/0 -W eth0 -o
# Deny all external addresses from internal interface
# /24 assumes Class C -- adjust for your 254.0 (I think /31)
ipfwadm -I -a d -P all -S xx.yy.zz.0/24 -D 0/0 -W eth1 -o
# Block telnet access to 192.168.1.0 network (eth0), from anywhere
ipfwadm -I -a d -P tcp -S 0/0 -D 192.168.1.0/24 23 -W eth0 -o
Dave
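
Added example (not part of Dave's message): a small Python model of how the three input rules above are matched, first match wins, run over constructed packets. Assumptions: eth0 faces the departmental network and eth1 the 192.168.1.0/24 side, 198.51.100.0/24 stands in for the elided xx.yy.zz.0/24, telnet is TCP port 23, and the input chain's default policy is accept.

```python
from ipaddress import ip_address, ip_network

PRIVATE = ip_network("192.168.1.0/24")
DEPT = ip_network("198.51.100.0/24")  # constructed stand-in for xx.yy.zz.0/24
ANY = ip_network("0.0.0.0/0")
TELNET = 23

# (policy, protocol, source net, destination net, destination port, arriving interface)
INPUT_RULES = [
    ("deny", "all", PRIVATE, ANY, None, "eth0"),    # private source seen on eth0
    ("deny", "all", DEPT, ANY, None, "eth1"),       # departmental source seen on eth1
    ("deny", "tcp", ANY, PRIVATE, TELNET, "eth0"),  # telnet to the private net
]
DEFAULT_POLICY = "accept"  # assumption: no -p default policy has been set


def verdict(iface, proto, src, dst, dport=None):
    """Return (policy, rule number) for a packet; rule 0 means default policy."""
    src, dst = ip_address(src), ip_address(dst)
    for number, (policy, r_proto, r_src, r_dst, r_port, r_iface) in enumerate(INPUT_RULES, 1):
        if (r_iface == iface
                and r_proto in ("all", proto)
                and src in r_src and dst in r_dst
                and r_port in (None, dport)):
            return policy, number
    return DEFAULT_POLICY, 0


# Constructed sample packets: (interface, protocol, source, destination, dest port)
SAMPLES = [
    ("eth0", "tcp", "192.168.1.50", "192.168.1.1", 80),  # spoofed private source
    ("eth1", "udp", "198.51.100.7", "192.168.1.1", 53),  # spoofed departmental source
    ("eth0", "tcp", "198.51.100.7", "192.168.1.1", 23),  # telnet from the department
    ("eth0", "tcp", "198.51.100.7", "192.168.1.1", 80),  # any other service
    ("eth1", "tcp", "192.168.1.50", "198.51.100.7", 23), # outbound from private side
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        policy, rule = verdict(*pkt)
        print(f"{pkt[0]} {pkt[1]} {pkt[2]} -> {pkt[3]}:{pkt[4]}  {policy} (rule {rule})")
```

In this model the fourth sample is accepted: the three rules filter spoofed sources and telnet only, so other services on 192.168.1.0/24 stay reachable from eth0.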