Mandi! Jay Vosburgh In chel di` si favelave... > Another possibility is that, because you're using fwmark in the > routing, you're running afoul of the src_valid_mark sysctl. > By default (src_valid_mark = 0), fwmark is not checked when > performing rp_filter reverse path route lookups. Enabling > net.ipv4.conf.*.src_valid_mark will cause the fwmark to be utilized for > the reverse path lookup. Again, Bingo! And effectively this solution seems too much betetr to me, in respect to rp_filter=0 or =2. Thanks!!! -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
