Hi,
it is possible to add an "Additional Address" with an IP range (and even an IP address) of an already existing interface. That will create severe network/routing problems and should thus be prohibited by webadmin.
How to reproduce:
1.) Create Interface "Internal": 10.1.1.1/24
2.) Crate Interface "DMZ": 40.1.1.1/24
3.) Add "Additional Address" to "Internal": 40.1.1.1/24.
You will get NO error message and the system shows you two interfaces with the IP address 40.1.1.1 and there are two routing table entries for 40.1.1.0/24.
==> routes table
40.1.1.0/24 dev eth4 proto kernel scope link src 40.1.1.1
40.1.1.0/24 dev eth0 proto kernel scope link src 40.1.1.1
broadcast 40.1.1.0 dev eth4 table local proto kernel scope link src 40.1.1.1
broadcast 40.1.1.0 dev eth0 table local proto kernel scope link src 40.1.1.1
local 40.1.1.1 dev eth4 table local proto kernel scope host src 40.1.1.1
local 40.1.1.1 dev eth0 table local proto kernel scope host src 40.1.1.1
broadcast 40.1.1.255 dev eth4 table local proto kernel scope link src 40.1.1.1
broadcast 40.1.1.255 dev eth0 table local proto kernel scope link src 40.1.1.1
Thanks!
Guest User!
You are not Sophos Staff.
