> You'll want to create a firewall rule. By default, a router
> just forwards the traffic it's sent (assuming it can find a
> route to use for forwarding . . .)
>
> Best,
> Justin
>
> On Jan 17, 2008 11:39 AM, Ben Speckien <[EMAIL PROTECTED]> wrote:
> > I am using Vyatta as a gateway to the internet and have noticed that
> > it passes un-NATed private addresses out the public interface. Is
> > there a way to turn this feature off or should I make a firewall rule?

This may also be the result of some sort of misconfiguration. As Justin says, by default the router just forwards on to what it thinks is the next hop. If you just configure your Internet router with a default route to your provider, then when any packet shows up destined to any private network that it doesn't know about inside your company, it will forward it to your provider.

Rather than (just) installing a set of filters to block that traffic (although that would probably be a good idea, too), you might want to examine the routes on all of the routing equipment in your network to determine how private addresses are reaching your router in the first place. You might need to add some static routes somewhere, possibly on your Internet router, to make sure things are going where they are supposed to.

-- Dave
_______________________________________________
Vyatta-users mailing list
[email protected]
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
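
An added example, not part of the original thread and not Vyatta code: a route-table audit for the situation Dave describes, reporting which RFC 1918 destinations would follow the default route out the public interface. The routing table, the interface names `eth0` (public) and `eth1` (inside), and the function names are assumptions made for illustration; it checks destination lookups only, so private source addresses still need the firewall rule.

```python
import ipaddress

# RFC 1918 private ranges; none of this space is routable on the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed routing table for an Internet gateway: (prefix, egress interface).
# eth0 is assumed to be the public interface, eth1 the inside.
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "eth0"),        # default route to the provider
    ("10.0.0.0/8", "eth1"),       # static route to the internal network
    ("192.168.1.0/24", "eth1"),   # directly connected LAN
]

def lookup(routes, addr):
    """Longest-prefix match: egress interface for addr, or None if no route."""
    hits = [(p.prefixlen, iface) for p, iface in routes if addr in p]
    return max(hits)[1] if hits else None

def _walk(net, routes, public_iface, leaks):
    # A more-specific route inside net means its halves may egress differently.
    if any(p != net and p.subnet_of(net) for p, _ in routes):
        for half in net.subnets(prefixlen_diff=1):
            _walk(half, routes, public_iface, leaks)
    elif lookup(routes, net.network_address) == public_iface:
        leaks.append(net)  # all of net follows one route out the public side

def leaked_private_space(route_table, public_iface):
    """RFC 1918 prefixes this table would forward out public_iface."""
    routes = [(ipaddress.ip_network(p), i) for p, i in route_table]
    leaks = []
    for block in RFC1918:
        _walk(block, routes, public_iface, leaks)
    return list(ipaddress.collapse_addresses(leaks))

if __name__ == "__main__":
    for net in leaked_private_space(SAMPLE_ROUTES, "eth0"):
        print("follows default route to provider:", net)
```

Each prefix it reports is a candidate for a static route pointing inside or a drop rule on the public interface.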
