"route reject" will not do what you want it to do. This command allows the Linux routing table to become a NOT-routing table as well. Normally if a packet eligible for routing doesn't match an explicit route, it matches whatever is the best match, all the way up to the default route (or 0.0.0.0/0) if that exists. The command you have given will mean that any packets with *destination* 151.193.141.0/24 will be dropped. At the IP routing table level, Linux never takes into consideration where packets come from.

The way to do what you want is to enable firewall functionality (iptables) and basically control which interfaces can forward packets to which other interfaces. This can happen before routing (on INPUT traffic), which is preferred, or after routing (using OUTPUT or FORWARDING).

You could probably either investigate a GUI iptables config tool such as www.fwbuilder.org or check out some example scripts such as at http://www.linuxguruz.com/iptables/ to get some more clues.

Martin Visser, CISSP
Network and Security Consultant
Technology & Infrastructure - Consulting & Integration
HP Services
3 Richardson Place North Ryde, Sydney NSW 2113, Australia
Phone: +61-2-9022-1670
Mobile: +61-411-254-513
Fax: +61-2-9022-1800
E-mail: martin.visserAThp.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Edwin Humphries
Sent: Tuesday, 6 January 2004 12:15 PM
To: [EMAIL PROTECTED]
Subject: [SLUG] Route Reject

We need to prevent one network from using our Linux box as a router, whilst allowing another network (on another interface) to use it. It seems the "route reject" command will do this; am I right?

If so, most of the references I've seen to it require a "route add" or "route del". Is this right? If so, would the correct syntax be: "/sbin/route add -net 151.193.141.0 netmask 255.255.255.0 reject"?

Edwin Humphries, Ironstone Technology Pty Ltd
[EMAIL PROTECTED]
www.ironstone.com.au
Phone: 02 4233 2285
Fax: 02 4233 2299
Mobile: 0419 233 051

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
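
The per-interface forwarding control described in the reply above, as an added example that is not part of the original thread: a shell function that emits an iptables-restore ruleset allowing one inbound interface to be routed and refusing another. The function name and the interface names passed to it are assumptions, and the FORWARD chain is this example's choice of where to filter.

```shell
#!/bin/sh
# Added example, not from the thread. Emits a filter-table ruleset in
# iptables-restore format that decides forwarding by *inbound interface*,
# which a destination-only "route ... reject" entry cannot do.
#
# usage: gen_forward_policy ALLOWED_IN DENIED_IN UPLINK
#   ALLOWED_IN  interface whose network may use this box as a router
#   DENIED_IN   interface whose network may not
#   UPLINK      interface that forwarded traffic leaves through
gen_forward_policy() {
    allowed_in=$1 denied_in=$2 uplink=$3

    # Refuse empty names and anything outside plain interface-name
    # characters, so arguments cannot smuggle extra rule text.
    for ifc in "$allowed_in" "$denied_in" "$uplink"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*)
                echo "bad interface name: '$ifc'" >&2
                return 1 ;;
        esac
    done
    if [ "$allowed_in" = "$denied_in" ]; then
        echo "allowed and denied interfaces must differ" >&2
        return 1
    fi

    # FORWARD defaults to DROP: only listed paths are routed.
    # The REJECT rule gives the denied network an ICMP error instead of
    # silence, similar to what a reject route returns.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $allowed_in -o $uplink -j ACCEPT
-A FORWARD -i $uplink -o $allowed_in -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $denied_in -j REJECT --reject-with icmp-net-prohibited
COMMIT
EOF
}

# Check first, then load (as root). Loading replaces the whole filter
# table, so merge any existing INPUT/OUTPUT rules before using it:
#   gen_forward_policy eth1 eth2 eth0 | iptables-restore --test
#   gen_forward_policy eth1 eth2 eth0 | iptables-restore
```

Forwarding must also be enabled in the kernel (`net.ipv4.ip_forward=1`) for the allowed path to route at all.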
