Re: [FW1] anti-spoofing on aliased interfaces

Mon, 02 Oct 2000 03:54:03 -0700 


Just another problem related to virtual interfaces:

I've blocked telnet to the firewall - but I can still connect to the telnetd
using a virtual interface as destination! How can I block that?

TIA,

Dieter Gobbers

On 29-Sep-00 Karim Ismail/Markham/Contr/AT&T/IJV wrote:
> 
> 
> 
> Lance
> 
> the virtual addresses do not show up in FW-1 interfaces screen
> 
> FW-1 ignores virtual interfaces, so anti-spoofing is performed on the
> physical interface.    if you want to use virtual
> interfaces with anti-spoofing, define 2 net objects (one for each subnet)
> and create a group consisting of those objects.
> then you can put the group in the physical interfaces anti-spoofing entry,
> just as if there were another physical network
> connected to the interface.
> 
> 
> 
> Karim Ismail
> Internet: [EMAIL PROTECTED]
> 
> 
> Lance Spitzner <[EMAIL PROTECTED]> on 09/29/2000 02:33:53 PM
> 
> Please respond to Lance Spitzner <[EMAIL PROTECTED]>
> 
> To:   [EMAIL PROTECTED]
> cc:
> Subject:  [FW1] anti-spoofing on aliased interfaces
> 
> 
> 
> 
> 
> I've aliased an interface (hme0:1) on FW ver 4.1, running on Solaris.
> 
> Can one add an aliased interface to the interface objects
> on a firewall?
> 
> Can one setup anti-spoofing on an aliased interface?
> 
> Last, does the aliased interface show up on the 'fw stat -li'
> command?
> 
> Thanks!
> 
> --
> Lance Spitzner
> http://www.enteract.com/~lspitz
> 
> 
> 
> 
> ==============================================================================
> ==
> 
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================================
> ==
> 
> 
> 
> 
> 
> ==============================================================================
> ==
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================================
> ==

Dieter Gobbers
UNIX Systems and Network Administrator
-- 
im Auftrag des FAW Ulm (http://www.faw.uni-ulm.de)

Ingenieurbuero Dieter Gobbers; Unix- und Netzwerkberatung und -betreuung
Kreuzstr. 19, 89160 Dornstadt, Tel.: 07348/928538
email: [EMAIL PROTECTED], http://www.gobbers.de


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to