IP spoofing

Helio Coelho Jr. - CompuLand Informatica (helio@compuland.com.br)
Tue, 25 Jun 1996 11:46:09 -0300

Hi:

I'm trying to set up a filter on the WAN port to block IP spoofing from
the Internet. I'm using a PM2ER30. I tried:

deny 200.255.96.0/0 0.0.0.0/0 log

but my dial-in users could not authenticate. I got PM 1 deny UDP ... and it's
a local (assigned from the pool) IP.

I'm subnetting my network with 255.255.255.224.
The assigned pool starts at the second block. The first block is reserved for my
computers.

Megazone told me to use:

deny 200.255.96.0/27 0.0.0.0/0 log

It works, but it just protects the first subnet from spoofing, right?
What I understood from the IN W1 filters, please correct me if I'm wrong,
is that they block what comes from the WAN port, so why, if I use 200.255.96.0/32,
can't my dial-in users authenticate? Does the PM consider the dial-in ports
outsiders also?

Any help would be greatly appreciated!

Regards,
Helio.
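
Added example, not part of the original message and not Livingston's code: a small Python evaluator showing which source addresses each rule quoted above would match, and how many of the 255.255.255.224 blocks it covers. It assumes the /N in a rule is the number of leading bits compared (CIDR semantics) and that the site is the whole of 200.255.96.0/24; the function names, the sample packets and the /24 rule are constructed for illustration. Each rule is evaluated alone; rule ordering and the handling of unmatched packets are not modelled.

```python
import ipaddress

# Assumption: a rule reads "<action> <src>/<bits> <dst>/<bits> [log]" and
# /<bits> is the number of leading address bits compared (CIDR semantics).
def parse_rule(line):
    action, src, dst, *opts = line.split()
    return {"action": action, "log": "log" in opts,
            "src": ipaddress.ip_network(src, strict=False),
            "dst": ipaddress.ip_network(dst, strict=False)}

def matches(rule, src_ip, dst_ip):
    """True when a packet's source and destination both fall inside the rule."""
    return (ipaddress.ip_address(src_ip) in rule["src"]
            and ipaddress.ip_address(dst_ip) in rule["dst"])

def covered_blocks(rule, site="200.255.96.0/24", bits=27):
    """The /27 blocks of the site (assumed to be a /24) that lie entirely
    inside the rule's source range, i.e. are protected from spoofing."""
    blocks = ipaddress.ip_network(site).subnets(new_prefix=bits)
    return [str(b) for b in blocks if b.subnet_of(rule["src"])]

RULES = [
    "deny 200.255.96.0/0 0.0.0.0/0 log",   # first attempt in the message
    "deny 200.255.96.0/27 0.0.0.0/0 log",  # rule suggested to the poster
    "deny 200.255.96.0/32 0.0.0.0/0 log",  # variant asked about at the end
    "deny 200.255.96.0/24 0.0.0.0/0 log",  # assumption: not in the message
]

# Constructed packets arriving on the WAN port: (source, destination).
PACKETS = [
    ("200.255.96.5", "200.255.96.10"),   # claims an address in the first block
    ("200.255.96.40", "200.255.96.10"),  # claims an address in the second block
    ("198.51.100.7", "200.255.96.10"),   # genuine outside source
]

if __name__ == "__main__":
    for text in RULES:
        rule = parse_rule(text)
        hits = [src for src, dst in PACKETS if matches(rule, src, dst)]
        print(text)
        print("  source range   :", rule["src"])
        print("  blocks covered :", len(covered_blocks(rule)), "of 8")
        print("  sample sources denied:", hits or "none")
```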