Bi-directional gateway - expected behavior?

Post by centibod » 2019/02/05 14:24:45

Please consider the following (probably very common) scenario:

            Gateway|192.168.0.1
                   |
      public       |
               eth1|192.168.0.30
          +--------+---------+
          |                  |
          | Centos 7.6.1810  |
          |                  |
          +--------+---------+
               eth0|10.0.0.30
      trusted      |

In our particular scenario, this is the head node of a small HPC compute cluster, where the 192.x network is an educational LAN, and the 10.x network is private to the worker nodes. They have internet access via the head node because masquerading is enabled in the firewalld config for the public zone (which also auto takes care of ip_forward settings).

Now, my understanding of the public zone is that incoming traffic should be blocked unless otherwise matched to a rule; however, we've recently discovered that machines external to the head node (i.e. others on the 192.x network) can access the private 10.x network by simply adjusting their routing tables and adding the head node as a gateway, e.g. (on Windows):

route add 10.0.0.0 mask 255.255.255.0 192.168.0.30

Changing zones so that the 192 network is either block or drop stops this, as does changing the target of public to %%REJECT%% or DROP, but shouldn't this - bi-directional gateway, for want of a better phrase - be impossible even with the public zone's out-of-the-box settings?
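A defender-side check for the exposure described above and the fix the poster found effective, added here as an example and not code from the original post or the CentOS project (assumes the listing format of `firewall-cmd --zone=<zone> --list-all`; the sample listings are constructed):

```shell
#!/bin/sh
# Added example, not from the original post: audit a firewalld zone for the
# combination described above (masquerade on, zone target still "default", so
# the box routes traffic from the public side into the trusted 10.x side) and
# apply the hardening the poster confirmed works.
# Assumes the listing format printed by `firewall-cmd --zone=<zone> --list-all`.

# audit_zone: reads a --list-all listing on stdin; prints a verdict and returns
# 1 when the risky combination is present, 0 otherwise.
audit_zone() {
    listing=$(cat)
    target=$(printf '%s\n' "$listing" | awk -F': *' '/^ *target:/ {print $2}')
    masq=$(printf '%s\n' "$listing" | awk -F': *' '/^ *masquerade:/ {print $2}')
    if [ "$masq" = "yes" ] && [ "$target" = "default" ]; then
        echo "RISK: masquerade=yes with target=default; hosts in this zone can reach the internal network by routing via this host"
        return 1
    fi
    echo "OK: target=$target masquerade=$masq"
    return 0
}

# harden_public_zone: the fix the poster confirmed. As observed in the post,
# the zone target also restricts what firewalld forwards in from that zone,
# so masquerading for the trusted side keeps working while hosts on the
# public side can no longer route through the head node.
harden_public_zone() {
    firewall-cmd --permanent --zone=public --set-target=DROP
    firewall-cmd --reload
}

# Constructed sample listings (abbreviated) for the head node's public zone.
SAMPLE_BEFORE='public (active)
  target: default
  interfaces: eth1
  services: ssh dhcpv6-client
  masquerade: yes'

SAMPLE_AFTER='public (active)
  target: DROP
  interfaces: eth1
  services: ssh dhcpv6-client
  masquerade: yes'

# Run the audit against both samples (the "before" one is expected to flag RISK).
printf '%s\n' "$SAMPLE_BEFORE" | audit_zone || true
printf '%s\n' "$SAMPLE_AFTER" | audit_zone
```

To check the live box, pipe `firewall-cmd --zone=public --list-all | audit_zone`, then run `harden_public_zone` if it reports RISK.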
