Hi,

On Tuesday, 2008 March 18 at 1:49:37 +0100, Pascal Hambourg wrote:
> Hello,
>
> Eric Leblond wrote:
>> On Monday, 2008 March 17 at 16:13:45 -0400, Sohan Shetty wrote:
>>>
>>> Here, our box is connected to two distinct networks 192.168.1/24 [...]
>> There is no such patch. A similar question was asked some time ago and
>> if I remember well, the conclusion was the setup was too weird from a
>> firewall point-of-view.
>
> s/weird/broken by design/
>
> The purpose of prefixes is to identify networks. If you use the same prefix
> on distinct networks, expect trouble.

No, not really. If you use the advanced routing capability of Linux, this
setup can be easily achieved and, except for filtering, will work well
(with one private routing table per network interface pair).

The correct explanation of the problem of conntrack relative to this
setup is given by Jan Engelhardt in his mail.

BR,
--
Eric Leblond
INL: http://www.inl.fr/
NuFW: http://www.nufw.org/