>That's a "normal" Linux behaviour. Linux answers packets destined to any >of its own IPs own any interface, as long as your INPUT filtering rules >allows it. You can set something like : > > iptables -A INPUT -d 192.168.1.5 -i ! eth1 -j DROP > iptables -A OUTPUT -s 192.168.1.5 -o ! eth1 -j DROP Hmm... I was afraid this was the case. So in the common small scale setup with one box acting as router, firewall and internal web and smtp server, this is an absolute must. Or your "internal" web and smtp services will in fact be open to anyone. So what is the point in configuring daemons to listen only on specific addresses? This is probably a surprise to some, as it is to me. Quite a few firewall packages and setups miss this point. Simon
