Re: Entirely ignoring TCP and UDP checksum in kernel level
From: Kalin KOZHUHAROV
Date: Sat Aug 21 2004 - 02:38:46 EST
Josan Kadett wrote:
It is definetely impossible to use IPTables to handle packets with incorrect
checksums since NAT would drop the connection right away, otherwise I would
not have been asking this question here.
-----Original Message-----
From: Aidas Kasparas [mailto:a.kasparas@xxxxxx]
Sent: Saturday, August 21, 2004 8:54 AM
To: Josan Kadett
Subject: Re: Entirely ignoring TCP and UDP checksum in kernel level
How about setting up a separate box which would listen on that
192.168.77.1 address and MASQUERADE connections to your crazy box from
192.168.1.x address? Maybe then you would no longer need to break things
in kernel?
Isn't rp_filter for this?
A chunk of my iptables firewall script is:
# Force route verification
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done
So why don't you try:
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo "0" > $f; done
Kalin.
--
|| ~~~~~~~~~~~~~~~~~~~~~~ ||
( ) http://ThinRope.net/ ( )
|| ______________________ ||
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/