[j-nsp] Disable telnet/ssh access from virtual routers
Aaron Dewell
aaron.dewell at gmail.com
Wed Jul 15 12:15:14 EDT 2015
Apply a filter on lo0.0 which denies traffic from anything but your management IPs. Or, put a filter on the VR interface denying all traffic destined to that IP itself.
On Jul 15, 2015, at 10:11 AM, Victor Sudakov <vas at mpeks.tomsk.su> wrote:
> Colleagues,
>
> I have customers' networks connected to routing-instances of type
> "virtual-router." These routing-instances are supposed to be isolated
> and use their own address space.
>
> However, a customer can telnet/ssh from their network to the
> virtual-router's IP address effectively telnetting to the main device.
>
> Is there an elegant way to prevent this from happening, i.e. to permit
> telnet/ssh access from hosts in the inet.0 table but deny from hosts
> from the CUSTOMERXX.inet.0 table?
>
> Thanks in advance for any input.
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> sip:sudakov at sibptus.tomsk.ru
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
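Both suggestions from the reply above, written out as Junos `set` commands. This is an added example, not configuration posted by anyone in the thread; the filter and prefix-list names, the interface `ge-0/0/1.100`, and all addresses (documentation ranges) are constructed placeholders.

```junos
# Constructed example: names, interface and addresses are placeholders.

# Option 1: filter on lo0.0 that accepts telnet/ssh only from management IPs.
set policy-options prefix-list MGMT-HOSTS 192.0.2.0/24
set firewall family inet filter PROTECT-RE term mgmt-allow from source-prefix-list MGMT-HOSTS
set firewall family inet filter PROTECT-RE term mgmt-allow from protocol tcp
set firewall family inet filter PROTECT-RE term mgmt-allow from destination-port [ ssh telnet ]
set firewall family inet filter PROTECT-RE term mgmt-allow then accept
set firewall family inet filter PROTECT-RE term mgmt-deny from protocol tcp
set firewall family inet filter PROTECT-RE term mgmt-deny from destination-port [ ssh telnet ]
set firewall family inet filter PROTECT-RE term mgmt-deny then discard
# Without a final accept the implicit discard would also drop routing
# protocols, ICMP, etc. addressed to the router.
set firewall family inet filter PROTECT-RE term everything-else then accept
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
# If the routing instance has its own lo0 unit (e.g. lo0.100), apply the
# filter to that unit as well; the filter on lo0.0 is not used for it.

# Option 2: input filter on the customer-facing interface in the virtual
# router, dropping telnet/ssh addressed to the router's own IP in that VR.
set firewall family inet filter CUST01-IN term no-mgmt from destination-address 198.51.100.1/32
set firewall family inet filter CUST01-IN term no-mgmt from protocol tcp
set firewall family inet filter CUST01-IN term no-mgmt from destination-port [ ssh telnet ]
set firewall family inet filter CUST01-IN term no-mgmt then discard
# Transit traffic through the VR is unaffected.
set firewall family inet filter CUST01-IN term transit then accept
set interfaces ge-0/0/1 unit 100 family inet filter input CUST01-IN
```

Option 1 matches on source address only, so a customer whose address space overlaps the management prefix would still be accepted; Option 2 is bound to the customer interface and does not depend on the customer's addressing.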