Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 3396 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Drop External RFC-1918

slashdevnull
For some reason, I'm able to route to and ping IPs in the 10.x.x.x/8 network out on my ISP's network from within my NATted LAN.  This causes problems for me inside of my network, as the Windows hosts complain about "IP already in use" when trying to assign them certain RFC-1918 IPs.

How do I configure my ASG to drop traffic bound to RFC-1918 addresses *outside* of my internal network?  Bear in mind, I use 192.168.x.x, and 10.x.x.x on my internal network, and don't want to break things like VPNs (which use 10.242.[1-4].x, iirc).

I'm running 7.104.

Thanks!


This thread was automatically locked due to age.
Parents
  • 0
    i slashdevnull, 

    you should be able to do this by using the 'interface' attribute of the network definition object. just create a network definition:
    name: 'ISP 10/8 network'
    baseip: 10.0.0.0
    netmask: /8
    interface: External Interface

    than reject all traffic from Internal Network -> ISO 10/8 network. 

    That's it, the ipsec traffic is not affected as it is routed through the virtual ipsec0 interface, which does not match the external interface. 

    i hope that helps, 

    regards
    Gert
  • 0 in reply to Gert Hansen
    I believe that's what I tried earlier, but I'll give it another go and see what happens.
Reply Children