Jussi Hirvi wrote:
> On 11.5.2010 3.40, Gordon Messmer wrote:
>> Routing policy is definitely required for a multi-homed system such as
>> Jussi presented, but NAT is totally superfluous. It adds an extra layer
>> of complexity that makes the system more difficult to diagnose and
>> configure, and contributes nothing of value in return.
>
> Funny, this morning I came to the same conclusion after some googling. A
> xen box with two bridges should be considered normal, and it should not
> break anything inside or outside the box.
>
> There are good instructions on the net for installing 2 virtual bridges
> on a xen box. But I have found no mention of this specific dual-bridge
> problem I have: that ip traffic goes in ok through any physical nic to
> the dom0 or domUs, but all replies are routed to only one nic (the
> default gateway). (I verified this with tcpdump.)
That's not xen or bridge related. Unless you do policy-based routing, packets
always follow the destination route regardless of where the input was received.
That's a feature, not a bug.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
Re: Not firewall, but what?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: Not firewall, but what?
- From: Les Mikesell <lesmikesell@xxxxxxxxx>
- Date: Tue, 11 May 2010 08:08:13 -0500
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <4BE94F09.5050209@xxxxxxxxxxxx>
- References: <4BE30AFA.8010808@xxxxxxxxxxxx> <20100506183544.GZ7070@xxxxxxxxxxxxxxxxx> <4BE30DAB.7030400@xxxxxxxxxxx> <4BE311D8.4070501@xxxxxxxxxxx> <4BE39955.6030709@xxxxxxxxxxxx> <4BE4183A.8030901@xxxxxxxxxxx> <4BE42317.7060101@xxxxxxxxxxxx> <4BE4BF0A.8000004@xxxxxxxxxxxxxx> <4BE51503.4010209@xxxxxxxxxxxx> <4BE52727.6070207@xxxxxxxxxxxxxx> <4BE5526C.1060906@xxxxxxxxxxxx> <1273325306.9249.9.camel@ethies> <4BE6967F.5070105@xxxxxxxxxxxxxx> <4BE7B6EC.4040102@xxxxxxxxxxxx> <4BE7D6DC.6050808@xxxxxxxxxxxxxx> <4BE7DB61.3030103@xxxxxxxxxxxx> <4BE80824.7030001@xxxxxxxxxxxxxx> <4BE8A791.2040800@xxxxxxxxx> <4BE94F09.5050209@xxxxxxxxxxxx>
- User-agent: Thunderbird 2.0.0.24 (Macintosh/20100228)
- Follow-Ups:
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- References:
- Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: Gavin Carr
- Re: Not firewall, but what?
- From: Ryan Manikowski
- Re: Not firewall, but what?
- From: Benjamin Franz
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: Benjamin Franz
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: Kahlil Hodgson
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: Kahlil Hodgson
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: JohnS
- Re: Not firewall, but what?
- From: Kahlil Hodgson
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: Kahlil Hodgson
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: Kahlil Hodgson
- Re: Not firewall, but what?
- From: Gordon Messmer
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Not firewall, but what?
- Prev by Date: Re: Not firewall, but what?
- Next by Date: Re: Installing Firestarter
- Previous by thread: Re: Not firewall, but what?
- Next by thread: Re: Not firewall, but what?
- Index(es):
 |