Re: captive web system using DNAT and SNAT

On Wednesday 31 December 1969 18:59, netfilter-request@xxxxxxxxxxxxxxxxxxx wrote:

> Very interesting.  This makes me think that there is a kernel routing
> caching type issue.  I expect that if this is indeed the case there could
> (or should) easily be a way to flush said cache or adjust a garbage
> collection interval.  This might need to be (summarized and) cross posted
> to a kernel developers mailing list to get their thoughts on it.

You just spurred an idea in me:

My appliance works by creating a separate routing table for each gateway 
connection that is online. As hosts are authorized to a particular gateway, 
aside from the predictable firewall rules, they get a routing rule to use 
the proper default route for that gateway.  Like this:
  /sbin/ip rule add from %(hostip)s lookup %(gwtablename)s
  /sbin/ip route flush cache

When the host is deauthorized:
  /sbin/ip rule del from %(hostip)s lookup %(gwtablename)s
  /sbin/ip route flush cache

Maybe I need some more 'flush cache' calls around where I make that routing 
table and destroy it...if it's not that, there's a bug someplace in the cache 
code.
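An added example, not the poster's appliance code: an idempotent wrapper around the `ip rule add/del ... lookup <table>` plus `ip route flush cache` sequence quoted above, which checks `ip rule show` so a host is never left with a stale rule after deauthorization. The host address, table name and the injectable `runner` are assumptions for illustration.

```python
import subprocess
from typing import Callable, List

IP = "/sbin/ip"
Runner = Callable[[List[str]], str]


def run_ip(cmd: List[str]) -> str:
    """Run an ip(8) command and return its stdout (needs CAP_NET_ADMIN)."""
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def rule_present(hostip: str, table: str, runner: Runner = run_ip) -> bool:
    """True if `ip rule show` lists a 'from <hostip> lookup <table>' rule.

    Lines look like '32765:\tfrom 10.0.0.5 lookup gw1'; tokens are compared
    exactly so that table 'gw1' does not match 'gw10'."""
    for line in runner([IP, "rule", "show"]).splitlines():
        parts = line.split()
        if "from" in parts and "lookup" in parts:
            src = parts[parts.index("from") + 1]
            tbl = parts[parts.index("lookup") + 1]
            if src == hostip and tbl == table:
                return True
    return False


def authorize(hostip: str, table: str, runner: Runner = run_ip) -> List[List[str]]:
    """Add the policy rule once (idempotent) and flush the route cache.

    Returns the commands that were executed, for logging and auditing."""
    cmds = []
    if not rule_present(hostip, table, runner):
        cmds.append([IP, "rule", "add", "from", hostip, "lookup", table])
    # Flush even if the rule already existed: a cached path may still point
    # at the old gateway.
    cmds.append([IP, "route", "flush", "cache"])
    for cmd in cmds:
        runner(cmd)
    return cmds


def deauthorize(hostip: str, table: str, runner: Runner = run_ip) -> bool:
    """Delete every matching rule (earlier runs may have added duplicates),
    flush the cache, then verify the host really lost its gateway rule."""
    for _ in range(16):  # bounded so a misbehaving `ip` cannot loop forever
        if not rule_present(hostip, table, runner):
            break
        runner([IP, "rule", "del", "from", hostip, "lookup", table])
    runner([IP, "route", "flush", "cache"])
    return not rule_present(hostip, table, runner)
```

On kernels from 3.6 onward the IPv4 route cache no longer exists, so the flush is harmless but does nothing; the rule check is what actually confirms the host's gateway access is gone.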