On Sat, Aug 13, 2005 at 08:00:31AM +0300, Al Boldi wrote:
> Ronny wrote:
> > Al Boldi wrote:
> > >Now:
> > >Host receives ping from 10.0.1.2/8 on 10.0.0.0/8 eth0
> > >Host replies to 10.0.1.2 using route 10.0.1.0/24 eth1.
> > >
> > >Host should have replied to 10.0.1.2 using route 10.0.0.0/8 eth0!
>
> Also, the idea to default route a packet by matching it to the most
> bits and dropping the fact it came in on a different network/dev is
> strange!

Nope, the ping reply is a brand new packet and will go out of whatever
interface is decided for that destination. There's no reason for it to go
out the same interface as the packet it's responding to.

The question is why a packet from 10.0.1.2 came in on eth0, shouldn't
it have come in on eth1? You have a serious case of asymmetric routing
going on here. If a TCP connection from 10.0.1.2 comes in on eth0, the
replies to that are also going to go out eth1.

Unless you set up rules to do otherwise, the *source* of the packet is
irrelevant for routing, as is what it's replying to, only the
*destination* matters.

Hope this helps,
--
Martijn van Oosterhout <kleptog@xxxxxxxxx> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.
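The lookup described in this reply, as an added example that is not part of the original message: a destination-only longest-prefix match over the two routes from the thread, reporting when the reply's egress interface differs from the interface the request arrived on. The table layout and the function names are assumptions made for illustration; this is a model of the behaviour, not the kernel's route lookup code.

```python
import ipaddress

# Constructed routing table matching the thread's example: the broad
# 10.0.0.0/8 route on eth0 and the more specific 10.0.1.0/24 on eth1.
ROUTES = [
    ("10.0.0.0/8", "eth0"),
    ("10.0.1.0/24", "eth1"),
]


def build_table(routes):
    """Parse (prefix, device) pairs into (network, device) tuples."""
    return [(ipaddress.ip_network(prefix), dev) for prefix, dev in routes]


def lookup(table, dst):
    """Longest-prefix match on the destination address only.

    Returns (network, device) for the most specific matching route,
    or None when no route covers the destination.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)


def reply_path(table, src, ingress_dev):
    """Return (egress device, asymmetric?) for a reply sent back to src.

    The reply is a new packet whose destination is the original source,
    so ingress_dev takes no part in the lookup; it is only compared
    afterwards to report asymmetric routing.
    """
    hit = lookup(table, src)
    if hit is None:
        return None, False
    _net, egress = hit
    return egress, egress != ingress_dev


if __name__ == "__main__":
    table = build_table(ROUTES)
    cases = [("10.0.1.2", "eth0"), ("10.0.1.2", "eth1"), ("10.2.3.4", "eth0")]
    for src, ingress in cases:
        egress, asym = reply_path(table, src, ingress)
        state = "ASYMMETRIC" if asym else "symmetric"
        print(f"request from {src} on {ingress}: reply leaves via {egress} ({state})")
```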