DNAT for two external NIC

Ming-Ching Tiew mingching.tiew at redtone.com
Tue Sep 5 04:29:42 CEST 2006


From: "Ming-Ching Tiew" <mingching.tiew at redtone.com>
> 
> I did not go through your post carefully enough to know what you are talking
> about. But my question was why do we have to turn off reverse filter path
> checking to get multipath routing to work? The original idea of reverse
> filter path checking is to improve security by doing reverse path checking,
> i.e. by checking the source IP address of all packets coming in via an interface
> against the networks known to be behind that interface, the firewall/router
> can simply drop packets that aren't supposed to come from there. In the
> multipath routing case, the packets are INDEED supposed to be from the
> interface where they are coming from, so why are they dropped?
> 

Perhaps this is what this patch is all about?

                     http://www.ssi.bg/~ja/#rp_filter_mask

I have noticed that Julian Anastasov's patch has existed for a long, long time,
but it has never been included in the standard kernel. I really wonder why.

Cheers.
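
An added illustration (not part of the original message, and not the kernel's code) of the check described in the quoted question: a simplified model of reverse path filtering on a router with two external NICs, where the lookup for a source address resolves to a single best route. The interface names, routing table and addresses are constructed assumptions; the mode numbers follow the Linux rp_filter sysctl (0 off, 1 strict, 2 loose).

```python
import ipaddress

# Constructed routing table (documentation address ranges, assumed names).
ROUTES = [
    ("192.0.2.0/24", "eth0"),     # connected subnet on uplink 1
    ("198.51.100.0/24", "eth1"),  # connected subnet on uplink 2
    ("10.0.0.0/24", "eth2"),      # internal LAN
    ("0.0.0.0/0", "eth0"),        # default route the lookup resolves to
]

def best_route_iface(src, routes=ROUTES):
    """Longest-prefix match: interface the router would use to reach src."""
    ip = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def rp_filter_accepts(src, in_iface, mode, routes=ROUTES):
    """Model of the source validation: 0 = off, 1 = strict, 2 = loose."""
    if mode == 0:
        return True                # no source validation at all
    back = best_route_iface(src, routes)
    if back is None:
        return False               # no route back to the source
    if mode == 2:
        return True                # loose: reachable via any interface
    return back == in_iface        # strict: must be the ingress interface

if __name__ == "__main__":
    # Constructed packets: (source address, interface it arrived on).
    cases = [
        ("203.0.113.7", "eth0"),   # Internet host via uplink 1
        ("203.0.113.7", "eth1"),   # same host via uplink 2
        ("10.0.0.5", "eth1"),      # LAN source seen on an uplink (spoofed)
    ]
    for src, iface in cases:
        verdicts = {m: rp_filter_accepts(src, iface, m) for m in (1, 2)}
        print(f"{src:>12} on {iface}: strict={verdicts[1]} loose={verdicts[2]}")
```

In this model the strict check drops the Internet host arriving on eth1 because the route back to it points out eth0, while the loose check accepts it but no longer rejects the LAN source address arriving on an uplink.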







More information about the netfilter mailing list