From: "longraider" <longraider@xxxxxxxxx>
> Ming-Ching Tiew wrote:
>
> >>Maybe you need to disable rp_filter (reverse path filtering) on the
> >>interface that has not the default route.
> >>
> >>sysctl -w net/ipv4/conf/eth2/rp_filter=0
> >
> > Isn't this a bug in rp_filter ? In multipath routing, it's often the system
> > will have multiple routing tables. The rp_filter seems to only look at
> > the main routing table.
> >
>
> It looks at different tables (according to ip rule). I've recently
> posted a problem with the same solution. The problem was with the fwmark
> in the ip rules.
>
> http://lists.netfilter.org/pipermail/netfilter/2006-August/066553.html
>

I did not go through your post carefully enough to know what you are
talking about. But my question was: why do we have to turn off reverse
path filter checking to get multipath routing to work?

The original idea of reverse path filter checking is to improve
security by doing reverse path checking, i.e. by checking the source IP
address of all packets coming in via an interface against the networks
known to be behind that interface, the firewall/router can simply drop
packets that aren't supposed to come from there.

In the multipath routing case, the packets are INDEED supposed to be from
the interface where they are coming from, so why are they dropped?

Regards.
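
Added example, not part of the original message or of the kernel's code: a simplified Python model of the strict reverse path check discussed in this thread, using the policy-routing case the quoted reply mentions (a table selected by fwmark in the ip rules). The tables, rules, addresses and function names are constructed for illustration, and the model assumes the reverse lookup is done without the packet's fwmark.

```python
import ipaddress

# Constructed setup (assumption): eth1 holds the default route in "main";
# the default route via eth2 lives in table "isp2", which is reachable
# only through an fwmark rule.
TABLES = {
    "main": [("192.0.2.0/24", "eth1"),
             ("198.51.100.0/24", "eth2"),
             ("0.0.0.0/0", "eth1")],
    "isp2": [("0.0.0.0/0", "eth2")],
}

# (fwmark, table) in priority order; fwmark None matches every lookup.
RULES = [(2, "isp2"), (None, "main")]


def lookup(dst, mark):
    """Walk the rules in order and return the output interface for dst."""
    addr = ipaddress.ip_address(dst)
    for rule_mark, table in RULES:
        if rule_mark is not None and rule_mark != mark:
            continue  # this rule only applies to lookups carrying its mark
        hits = [(ipaddress.ip_network(prefix), dev)
                for prefix, dev in TABLES[table]
                if addr in ipaddress.ip_network(prefix)]
        if hits:
            # longest-prefix match inside the selected table
            return max(hits, key=lambda h: h[0].prefixlen)[1]
    return None


def strict_rpf_accepts(src, in_dev, reverse_mark=0):
    """Strict check: the route back to src must leave through in_dev.

    reverse_mark is the mark used for the reverse lookup; 0 models a
    lookup that does not carry the packet's fwmark (assumption).
    """
    return lookup(src, reverse_mark) == in_dev


if __name__ == "__main__":
    # Internet host reached through ISP 2, packet arrives on eth2.
    print(strict_rpf_accepts("203.0.113.9", "eth2"))      # False
    # Same packet if the reverse lookup carried mark 2.
    print(strict_rpf_accepts("203.0.113.9", "eth2", 2))   # True
    # Host on the network directly behind eth2.
    print(strict_rpf_accepts("198.51.100.7", "eth2"))     # True
```

In this model the packet on eth2 is legitimate, but the unmarked reverse lookup never reaches table "isp2", falls through to "main", and resolves to eth1, so the strict check rejects it.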