Patrick McHardy wrote:
> Jozsef Kadlecsik wrote:
>> On Tue, 10 Feb 2009, Patrick McHardy wrote:
>>
>>> Yes, I know, I'm just wondering why you're using TCP at all for
>>> synchronizing. It's not for traffic from the Internet I assume
>>> since the node it ends up on is unknown to the outside anyways.
>>
>> No, that's not the synchronizing traffic, but the "normal" TCP traffic
>> to be filtered by the firewalls, which have got multicast MAC
>> addresses on their interfaces.
>
> Multicast traffic is accepted for forwarding just fine, it's just
> local TCP delivery that's refusing it. So it can't be forwarded
> traffic.

You usually have some administration facility (like ssh) that would break.
Please, think that this can also be used to replace CLUSTERIP (to be used
in back-end servers, not only stateful firewalls).

--
"The honest are social misfits" -- Les Luthiers