old iptables, insmod commands

Thu, 23 Mar 2000 11:37:42 +0000

Rusty Russell (rusty@linuxcare.com.au) wrote:
> In message <200003230301.TAA12937@mail.cybcon.com> you write:
> > why can I successfully ping eth1 in the following diagram:
> > 
> >   me---------eth0[machine]eth1-----other network
> > 
> > when I have no rules in the FORWARD table and its policy is DROP?
> 
> Because the machine answers on both interfaces, to both addresses.
> Weird but true.  You'll see that ping in the INPUT chain though.

This is (essentially) a problem that I was experiencing yesterday too
(odd that...).  I asked locally and was directed to a kernel patch at:

http://mail-archive.com/linux-kernel%40vger.rutgers.edu/1999-month-12/msg00123.html

(Apologies for the long line...)

However, as I understand it there is some discussion as to what the
`correct' behaviour actually is.

Nick.