Several network interfaces: preventing access to one interface
Hi there
Here's a question about what seems to be a "normal" behaviour.
I've got a linux box A with 2 network interfaces if_A1 and if_A2.
I have another PC B which is connected to the previous one: they're on the same subnet.
On B, I configure the network in order to use A as a gateway.
This means that for B, the default gateway is the IP address of if_A1.
I disable the routing functionality on A (ip_forward=0), and even add a netfilter policy in the FORWARD chain to DROP everything.
There is no bridge or such thing, the netmasks are OK.
So now, from B, when I try to reach the if_A2 IP address (ping, ssh or whatever), it works: A responds to B, using of course the if_A2 as a source IP address.
I would have thought that this should not work, considering this is a kind of routing behaviour.
So, first question, how is it that it works?
Second question: how can I prevent this? I mean, it is easy to prevent it using iptables, but is there a way to prevent it with a simple sysctl or /proc action?
I hope this is kind of clear...
Thanx...
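An added illustration of the behaviour asked about, not part of the original post: Linux follows the weak host model, so any address listed in the kernel's `local` routing table is accepted on whichever interface the packet arrives, and such a packet is delivered locally through the INPUT chain rather than FORWARD (which is why ip_forward=0 and a FORWARD DROP policy do not affect it). The script parses a constructed sample of `ip route show table local` (interface names if_A1 and if_A2 are taken from the post; the RFC 5737 addresses are made up for the example) and emits the INPUT-chain iptables rules that would block a locally delivered packet arriving on one interface but addressed to another interface's IP, which is the iptables approach the post mentions.

```shell
#!/bin/sh
# Constructed sample of `ip route show table local` on host A. Every entry
# tagged "local" is an address the kernel will answer for on ANY interface.
SAMPLE_LOCAL_TABLE='local 192.0.2.1 dev if_A1 proto kernel scope host src 192.0.2.1
broadcast 192.0.2.255 dev if_A1 proto kernel scope link src 192.0.2.1
local 198.51.100.1 dev if_A2 proto kernel scope host src 198.51.100.1
broadcast 198.51.100.255 dev if_A2 proto kernel scope link src 198.51.100.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1'

# Print the non-loopback addresses the kernel treats as local. A packet for
# any of these is accepted regardless of ingress interface (weak host model).
# $1: text of the local routing table.
local_addrs() {
    printf '%s\n' "$1" | awk '$1 == "local" && $2 != "127.0.0.1" { print $2 }'
}

# Emit iptables INPUT rules dropping packets that arrive on interface $1 but
# are addressed to a local address belonging to a different interface.
# INPUT is the right chain: these packets are delivered locally, so FORWARD
# (and ip_forward) never sees them.
# $1: ingress interface name, $2: text of the local routing table.
cross_iface_drop_rules() {
    in_if=$1
    table=$2
    printf '%s\n' "$table" | awk -v in_if="$in_if" '
        $1 == "local" && $4 != in_if && $4 != "lo" {
            printf "iptables -A INPUT -i %s -d %s -j DROP\n", in_if, $2
        }'
}

# Stand-alone usage: on a real host replace SAMPLE_LOCAL_TABLE with
#   table=$(ip route show table local)
# and pipe the emitted rules to sh after reviewing them.
if [ "${1:-}" = "--demo" ]; then
    echo "Addresses accepted on any interface:"
    local_addrs "$SAMPLE_LOCAL_TABLE"
    echo "Rules to block cross-interface delivery for packets entering if_A1:"
    cross_iface_drop_rules if_A1 "$SAMPLE_LOCAL_TABLE"
fi
```

Run it with `sh script.sh --demo` to see the parsed address list and the generated rule. The rule generator is deliberately per-ingress-interface, so on a host with more than two interfaces you would call it once per interface that faces untrusted peers.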