So we have implemented a Zeroshell router here at the office using the latest beta version (11). We just discovered a pretty major issue: anybody is able to access our entire network if they are using the same ISP as us. All they would have to do is change their default gateway to be our router's WAN address, and then they would be able to access any of our computers as if they were on the local network.
Here is how I have the box set up:
ETH00 (WAN):
IP: 12.34.56.78
Subnet Mask: 255.255.255.0
ETH01 (LAN):
IP: 192.168.0.2
Subnet Mask: 255.255.255.0
I have NAT enabled on ETH00. The default gateway is set as 12.34.56.1. RIP is disabled, and everything in my Routing Table is there automatically (except the default gateway, which comes up as static).
Does anyone have any suggestions on how to close this gaping hole?
Thanks in advance 🙂
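
The behaviour described in the post, modelled as an added example that is not part of the original post and is not Zeroshell's own code: source NAT on ETH00 only rewrites outbound traffic, so whether a packet routed in from the WAN side reaches the LAN is decided by the netfilter FORWARD chain. The sketch assumes the router currently has an empty FORWARD chain with policy ACCEPT, and the hardened ruleset, the sample packets and every address other than those quoted in the post are assumptions.

```python
"""Model of the netfilter FORWARD chain for the router in the post (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.0.0/24")   # network behind ETH01, from the post
WAN_IF, LAN_IF = "ETH00", "ETH01"        # interface names from the post

@dataclass
class Packet:
    in_if: str
    src: str
    dst: str
    state: str     # conntrack state as seen in FORWARD: "NEW" or "ESTABLISHED"

@dataclass
class Rule:
    in_if: str
    out_if: str
    states: tuple  # conntrack states matched; empty tuple matches any state
    target: str    # "ACCEPT" or "DROP"

def out_interface(pkt):
    """Routing decision: LAN destinations leave via ETH01, everything else via ETH00."""
    return LAN_IF if ip_address(pkt.dst) in LAN_NET else WAN_IF

def forward_verdict(pkt, rules, policy):
    """First matching rule wins; the chain policy applies when no rule matches."""
    out_if = out_interface(pkt)
    for r in rules:
        if r.in_if == pkt.in_if and r.out_if == out_if and (not r.states or pkt.state in r.states):
            return r.target
    return policy

# Weak (assumed current state): no FORWARD rules, policy ACCEPT.
WEAK = ([], "ACCEPT")

# Hardened (assumed ruleset), equivalent to:
#   iptables -P FORWARD DROP
#   iptables -A FORWARD -i ETH01 -o ETH00 -j ACCEPT
#   iptables -A FORWARD -i ETH00 -o ETH01 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
HARDENED = ([Rule(LAN_IF, WAN_IF, (), "ACCEPT"),
             Rule(WAN_IF, LAN_IF, ("ESTABLISHED", "RELATED"), "ACCEPT")], "DROP")

# Constructed sample packets; hosts .99 and .10 are made up for illustration.
wan_neighbour_new = Packet(WAN_IF, "12.34.56.99", "192.168.0.10", "NEW")
lan_outbound_new = Packet(LAN_IF, "192.168.0.10", "12.34.56.1", "NEW")
wan_reply = Packet(WAN_IF, "12.34.56.1", "192.168.0.10", "ESTABLISHED")  # after conntrack de-NAT

if __name__ == "__main__":
    for name, (rules, policy) in (("weak", WEAK), ("hardened", HARDENED)):
        for pkt in (wan_neighbour_new, lan_outbound_new, wan_reply):
            print(name, pkt.src, "->", pkt.dst, pkt.state, forward_verdict(pkt, rules, policy))
```

On the router itself, the FORWARD chain's policy and rule list can be compared against this with `iptables -L FORWARD -n -v`.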