From: "Ming-Ching Tiew" <mingching.tiew@xxxxxxxxxxx> > > I did not go through your post carefully enough to know what you are talking > about. But my question was why do we have to turn off reverse filter path > checking to get multipath routing to work ? The original idea of reverse > filter path checking is to improve security by doing reverse path checking, > ie by checking the source IP address of all packets coming in via an interface > against the networks known to be behind that interface, the firewall/router > can simply drop packets that aren't supposed to come from there. In the > multipath routing case, the packets are INDEED supposed to be from the > interface where it is coming from, why they are dropped ? > Perhaps this is what this patch is all about ? http://www.ssi.bg/~ja/#rp_filter_mask I have noticed that Julian Anastasov's patch has existed long long time ago but it is never included into the standard kernel. I really wonder why. Cheers.