On 5/11/2010 8:32 AM, Jussi Hirvi wrote:
>> Jussi Hirvi wrote:
>>> But I have found no mention of this specific dual-bridge
>>> problem I have: that ip traffic goes in ok through any physical nic to
>>> the dom0 or domUs, but all replies are routed to only one nic (the
>>> default gateway). (I verified this with tcpdump.)
>
> On 11.5.2010 16.08, Les Mikesell wrote:
>> That's not xen or bridge related. Unless you do policy-based routing, packets
>> always follow the destination route regardless of where the input was received.
>> That's a feature, not a bug.
>
> Ok. But this error does not occur on my other CentOS 5 box (mailserver,
> non-xen) which also has 2 nics for 2 public ip segments. There input-nic
> is always = outputnic. And I have done nothing special to achieve this
> (pure "linux magic"). That's why I "blame" bridges - they are the most
> notable difference between these two machines.
That doesn't make much (any?) sense. IP traffic is always
destination-routed unless you do something unusual. On the other hand,
even if you send out to the 'wrong' internet gateway following your
default route, any internet connection should be able to deliver to any
internet destination. Asymmetrical routing is both permitted and
normal, although not necessarily desirable and it may not make it
through stateful firewalls.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
Re: Not firewall, but what?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: centos@xxxxxxxxxx
- Subject: Re: Not firewall, but what?
- From: Les Mikesell <lesmikesell@xxxxxxxxx>
- Date: Tue, 11 May 2010 10:50:52 -0500
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <4BE95C72.8000702@xxxxxxxxxxxx>
- References: <4BE30AFA.8010808@xxxxxxxxxxxx> <20100506183544.GZ7070@xxxxxxxxxxxxxxxxx> <4BE30DAB.7030400@xxxxxxxxxxx> <4BE311D8.4070501@xxxxxxxxxxx> <4BE39955.6030709@xxxxxxxxxxxx> <4BE4183A.8030901@xxxxxxxxxxx> <4BE42317.7060101@xxxxxxxxxxxx> <4BE4BF0A.8000004@xxxxxxxxxxxxxx> <4BE51503.4010209@xxxxxxxxxxxx> <4BE52727.6070207@xxxxxxxxxxxxxx> <4BE5526C.1060906@xxxxxxxxxxxx> <1273325306.9249.9.camel@ethies> <4BE6967F.5070105@xxxxxxxxxxxxxx> <4BE7B6EC.4040102@xxxxxxxxxxxx> <4BE7D6DC.6050808@xxxxxxxxxxxxxx> <4BE7DB61.3030103@xxxxxxxxxxxx> <4BE80824.7030001@xxxxxxxxxxxxxx> <4BE8A791.2040800@xxxxxxxxx> <4BE94F09.5050209@xxxxxxxxxxxx> <4BE956BD.5060609@xxxxxxxxx> <4BE95C72.8000702@xxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
- References:
- Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: Gavin Carr
- Re: Not firewall, but what?
- From: Ryan Manikowski
- Re: Not firewall, but what?
- From: Benjamin Franz
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: Benjamin Franz
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: Kahlil Hodgson
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: Kahlil Hodgson
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: JohnS
- Re: Not firewall, but what?
- From: Kahlil Hodgson
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: Kahlil Hodgson
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: Kahlil Hodgson
- Re: Not firewall, but what?
- From: Gordon Messmer
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Re: Not firewall, but what?
- From: Les Mikesell
- Re: Not firewall, but what?
- From: Jussi Hirvi
- Not firewall, but what?
- Prev by Date: Re: Not firewall, but what?
- Next by Date: Re: clients obtaining dhcp addys slowly
- Previous by thread: Re: Not firewall, but what?
- Next by thread: Re: Not firewall, but what?
- Index(es):
 |