On Thu, 9 May 2002, Felix von Leitner wrote: > A service bound to the IP of eth1 is still visible from eth0. > This is not an RFC violation (RFC1122 calls this "weak end host"), but Linux isn't unique in this regard as Solaris has the same behavior. You are correct in that although likely surprising, it isn't a RFC violation. On Solaris you can turn this behavior off with: # ndd -set /dev/ip ip_strict_dst_multihoming 1 On Linux, you could use this IP Tables command (eth0 external, and eth1 internal): # iptables -A INPUT -i eth0 -d IP_of_eth1 -j DROP Lastly, I would comment that most likely the internal interface would be using RFC1918 reserved address space, so an attacker 'out on the net' somewhere wouldn't be able to route packets to the potential vicitim's internal IP address. Dax Kelson Guru Labs
