Hello,

On Wed, 1 May 2002, Greg Scott wrote:

> is all about. I'm still not clear about RP_FILTER but
> getting better.

Simple thing: IP or ARP packet is accepted only if there is a route in reverse direction, i.e. when the addresses are reversed. Example: packet 10.0.0.1->10.0.0.2 is coming from eth0 and we have a route to 10.0.0.1 via eth0, so the packet is accepted from the reverse path protection (rp_filter) set on eth0. If this packet comes from eth1 (again with rp_filter=1) then it will be dropped because we already have a route via eth0.

As a result, packets from 10.0.0.0/24, for example, should come only from eth0. In any other case, they will be dropped from other devices with rp_filter protection and always allowed from devices without such protection.

The rp_filter is also explained here:

http://lartc.org/HOWTO//cvs/2.4routing/html/c1182.html#AEN1188

> reproduced the problem at my place. Then I set up a system
> with Red Hat 7.2, which uses kernel 2.4-7. Still old, but not
> as old! I set this system up as a router in parallel with my
> other Linux router and ran the same tests again. This time,
> everything did what it was supposed to do.
>
> So I think the whole thing was a bug with the 2.4-2 kernel.

Yes, testing with latest kernel should be the first thing to try :)

> thanks
>
> - Greg

Regards

--
Julian Anastasov <ja@ssi.bg>
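The reverse-path check described in the message above, as an added example that is not part of the original mail or of the kernel's code: a simplified Python model that looks up the route back to a packet's source address and compares its device with the one the packet arrived on. The routing table, the per-device rp_filter values and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample routing table: (destination prefix, output device).
ROUTES = [
    ("10.0.0.0/24", "eth0"),
    ("192.168.1.0/24", "eth1"),
    ("0.0.0.0/0", "eth1"),
]

# Constructed per-device settings (1 = rp_filter enabled, 0 = disabled).
RP_FILTER = {"eth0": 1, "eth1": 1, "eth2": 0}


def reverse_route_dev(src, routes=ROUTES):
    """Return the device of the longest-prefix route back to src, or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def rp_filter_verdict(src, in_dev, routes=ROUTES, rp_filter=RP_FILTER):
    """Return 'accept' or 'drop' for a packet from src arriving on in_dev."""
    if not rp_filter.get(in_dev, 0):
        return "accept"  # device without the protection: always allowed
    # Protected device: the route back to the source must use this same device.
    # A source with no route at all yields None and is dropped as well.
    return "accept" if reverse_route_dev(src, routes) == in_dev else "drop"


if __name__ == "__main__":
    samples = [
        ("10.0.0.1", "eth0"),     # route back is via eth0
        ("10.0.0.1", "eth1"),     # same source on the wrong device
        ("10.0.0.1", "eth2"),     # device with rp_filter=0
        ("203.0.113.7", "eth0"),  # only the default route (eth1) matches
        ("203.0.113.7", "eth1"),
    ]
    for src, dev in samples:
        print(f"{src:>12} in on {dev}: {rp_filter_verdict(src, dev)}")
```
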