Re: potential routing loops

Igor V. Semenyuk (iga@sovam.com)
Tue, 19 Aug 1997 03:08:47 +0400 (MSD)

This is really nice, but one should be really careful suggesting
workarounds for Livingston's bugs. I have a strange feeling Livingston
silently ignores bugs if they have more than one workaround :-)

>
> In article <Pine.BSF.3.95q.970817200619.28679D-100000@misery.sdf.com>,
> Tom Samplonius <tom@sdf.com> wrote:
> >> Interesting thing is that if you add a static route for the assigned block
> >> yourself (and point it to the portmaster's ethernet interface address)
> >> the portmaster treats the route as a blackhole - no packets looping,
> >> they just die there at portmaster.
> >
> >Or you can add a manual route to a non-existent address for the blocks.
>
> The nicest way to fix this given the current (3.7) release is to add an
> outgoing filter to the ethernet port blocking all source addresses
> that are not supposed to be in the portmaster. Supposing your pm is
> 192.198.0.1 and it has 192.198.1.0/26 routed to it, add the filter
>
> 1 permit 192.198.1.0/26 0.0.0.0/0
> 2 permit 192.198.0.1/32 0.0.0.0/0
>
> as ofilter to ether0. This has the additional benefit that your customers
> cannot get packets with improper source addresses onto the net, so you
> probably want a filter like this even if you don't need it to prevent
> routing loops.
>
> /Anders
>
> --
> -- Of course I'm crazy, but that doesn't mean I'm wrong.
> Anders Hammarquist | This space | iko@netg.se
> NetGuide Scandinavia | intentionally left blank | Fax: +46 31 50 79 39
> http://www.netg.se | | Tel: +46 31 50 79 40
>

-- 
Igor V. Semenyuk                    Internet: iga@sovam.com
SOVAM Teleport                      Phone:    +7 095 258 4170
Moscow, Russia                      Fax:      +7 095 258 4133
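
The two-rule output filter quoted above, modelled as an added example that is not part of the original thread and is not ComOS code. It assumes first-match evaluation with a default deny when no rule matches, which is what the quoted description ("blocking all source addresses that are not supposed to be in the portmaster") implies; the sample packets are constructed.

```python
import ipaddress

# The two rules from the quoted message, in the "N action src/len dst/len" form shown there.
FILTER_TEXT = """\
1 permit 192.198.1.0/26 0.0.0.0/0
2 permit 192.198.0.1/32 0.0.0.0/0
"""

def parse_filter(text):
    """Parse rule lines into (number, action, src_net, dst_net), ordered by rule number."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        num, action, src, dst = line.split()
        rules.append((int(num), action,
                      ipaddress.ip_network(src), ipaddress.ip_network(dst)))
    return sorted(rules, key=lambda r: r[0])

def evaluate(rules, src, dst):
    """Return (action, rule_number). Assumption: first match wins, no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num, action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action, num
    return "deny", None

# Constructed packets leaving ether0: (source, destination, what the case represents)
SAMPLES = [
    ("192.198.1.10", "203.0.113.7", "dial-in customer inside the /26"),
    ("192.198.0.1",  "203.0.113.7", "the PortMaster's own address"),
    ("192.198.1.64", "203.0.113.7", "first address just outside the /26"),
    ("172.16.5.5",   "203.0.113.7", "customer sending an improper source"),
    ("203.0.113.7",  "192.198.1.40", "outside packet being forwarded back out"),
]

def run_samples():
    """Evaluate every sample and return the verdicts in order."""
    rules = parse_filter(FILTER_TEXT)
    return [evaluate(rules, src, dst) for src, dst, _ in SAMPLES]

if __name__ == "__main__":
    for (src, dst, note), (action, num) in zip(SAMPLES, run_samples()):
        print(f"{src:>14} -> {dst:<14} {action:<6} rule={num}  # {note}")
```

The last sample is the routing-loop case: a packet that arrived from elsewhere carries a source outside both permitted ranges, so it is dropped at ether0 instead of being sent back upstream.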