Question on having dual routers out of a site 2004-02-03 - By Ken Rossman
I am working with a company that has a LAN with an existing, dual-homed, Red Hat system being used as a router/firewall. We are planning on putting up a second router out to the Internet at large, and I'm wondering if I need to make special considerations to prevent unwanted routing THROUGH this site:

        +--------+
        |Internet|
        +--------+
         /      \
        /        \
     RTR1        RTR2
       |          |
       |          |
  <----+----------+---->
       (local LAN)

I assume it's possible for a site out on the Internet, trying to reach another site out on the internet (neither being on the local LAN) to manage to find a route THROUGH this local net.

I want to prevent this. Would the best way to do this be to use iptables to disallow ALL packets between RTR1 and RTR2? Is there a better way to do this?

What would be any additional ramifications of doing the iptables DROP setup above?

tnx,
KR
Ken Rossman
rossman@(protected)
--
redhat-list mailing list
https://www.redhat.com/mailman/listinfo/redhat-list