Re: DNAT for two external NIC

From: "Ming-Ching Tiew" <mingching.tiew@xxxxxxxxxxx>
> 
> I did not go through your post carefully enough to know what you are talking
> about. But my question was why do we have to turn off reverse filter path
> checking to get multipath routing to work? The original idea of reverse
> filter path checking is to improve security by doing reverse path checking,
> i.e. by checking the source IP address of all packets coming in via an interface
> against the networks known to be behind that interface, the firewall/router
> can simply drop packets that aren't supposed to come from there. In the
> multipath routing case, the packets are INDEED supposed to be from the
> interface where they are coming from, so why are they dropped?
> 

Perhaps this is what this patch is all about?

                     http://www.ssi.bg/~ja/#rp_filter_mask

I have noticed that Julian Anastasov's patch has existed for a long, long time,
but it has never been included in the standard kernel. I really wonder why.

Cheers.
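
An added example, not part of the original message and not Julian Anastasov's patch: a simplified Python model of the reverse path check described in the quoted question, comparing the strict and loose modes of RFC 3704 on a router with two uplinks. The routing table, interface names and addresses are constructed, and the model assumes the reverse lookup returns a single best route.

```python
import ipaddress

# Constructed routing table for a router with one LAN and two uplinks.
# Interface names and prefixes are illustrative, not taken from the thread.
ROUTES = [
    ("192.168.1.0/24", "eth0"),   # internal LAN
    ("203.0.113.0/24", "eth1"),   # link to ISP A
    ("198.51.100.0/24", "eth2"),  # link to ISP B
    ("0.0.0.0/0", "eth1"),        # default route the reverse lookup selects
]

def best_route(src, routes=ROUTES):
    """Longest-prefix match for src; returns (network, iface) or None."""
    addr = ipaddress.ip_address(src)
    nets = [(ipaddress.ip_network(n), dev) for n, dev in routes]
    hits = [(n, dev) for n, dev in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def rpf_accept(src, in_iface, mode, routes=ROUTES):
    """Model of the reverse path check. mode is 'off', 'strict' or 'loose'."""
    if mode == "off":
        return True
    route = best_route(src, routes)
    if route is None:
        return False              # no route back to the source at all
    if mode == "loose":
        return True               # reachable via some interface is enough
    return route[1] == in_iface   # strict: must arrive on the best-route interface

# Constructed sample packets: (source address, arrival interface).
PACKETS = [
    ("192.0.2.50", "eth1"),    # Internet host replying via ISP A
    ("192.0.2.50", "eth2"),    # same host replying via ISP B
    ("192.168.1.10", "eth2"),  # LAN source address seen on an uplink (spoofed)
]

def evaluate(packets, mode, routes=ROUTES):
    """Return (src, iface, accepted) for each packet under the given mode."""
    return [(s, d, rpf_accept(s, d, mode, routes)) for s, d in packets]

if __name__ == "__main__":
    for mode in ("strict", "loose"):
        for src, dev, ok in evaluate(PACKETS, mode):
            print(f"{mode:6} {src:15} in {dev}: {'accept' if ok else 'drop'}")
```

In this model the strict check drops the legitimate reply on eth2 because the default route points at eth1, while the loose check accepts it but also accepts the spoofed LAN source on eth2, so that case then needs an explicit ingress filter rule.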





