On Feb 28 2007 15:20, Andrew Kraslavsky wrote:
>
> If I set up a host on the external/public network with a static route that
> causes it to send traffic addressed to 192.168.0.0/24 to the 10.0.0.1
> external/public IP address of the firewall/router and then attempt to access
> the Web server using 192.168.0.99 as the address, these directly addressed
> packets get through the firewall.

I did not find the question in your mail, but:
Activate "rp_filter", and any hosts on 10.0.0.0/24 that use a non-10.0.0.0/24
address as source will be ignored.

Jan
--
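
A small Python model of the strict reverse-path check that `rp_filter` performs, added here as an illustration and not part of the original mail. The interface names `eth0`/`eth1` and the two-entry routing table are assumptions built from the networks named in the thread.

```python
import ipaddress

# Constructed routing table for the firewall in the thread. The interface
# names (eth0 external, eth1 internal) are assumptions, and only the two
# directly connected networks are routed (no default route).
ROUTES = [
    (ipaddress.ip_network("10.0.0.0/24"), "eth0"),     # external/public side
    (ipaddress.ip_network("192.168.0.0/24"), "eth1"),  # internal side
]


def route_lookup(addr):
    """Return the egress interface for addr by longest-prefix match."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, dev) for net, dev in ROUTES if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def strict_rpf_accepts(src, in_dev):
    """Strict reverse-path check (Linux rp_filter=1): accept a packet only
    if the route back to its source leaves through the interface it
    arrived on. Only the source address is examined."""
    return route_lookup(src) == in_dev


# Constructed sample packets: (source, arriving interface, note)
SAMPLES = [
    ("10.0.0.5", "eth0", "external host using its own address"),
    ("192.168.0.50", "eth0", "external host using an internal source"),
    ("172.16.1.1", "eth0", "external host using an unrouted source"),
    ("192.168.0.99", "eth1", "internal web server"),
    ("10.0.0.5", "eth1", "external source seen on internal interface"),
]

if __name__ == "__main__":
    for src, dev, note in SAMPLES:
        verdict = "accept" if strict_rpf_accepts(src, dev) else "drop"
        print(f"{verdict:6} src={src:<13} in={dev}  ({note})")
```
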