Re: Kernel Routing sequence

From: Meelis Roos
Date: Sun Aug 14 2005 - 15:55:36 EST

>> IP address being a part of a IP network is just plain bitwise
>> calculation and has nothing to do with interfaces.
AB> This is obvious, but the fact that the Kernel accepted the packet on
AB> eth0 implies it is either part of or

No, it does not imply. It only implies that it was either sent via a
router that has a link-level connection to eth0 or from a host that has
a link-level connection to eth0.

AB> Yes, but what if your routing requirements are dynamic based on
AB> src/dest-net/mask? Are you saying it is not possible to make such a
AB> routing decision?

What exactly are you trying to achieve?

>> There is one additional thing you might want to have a look at when
>> you are building routers with asymmetric routing: rp_filter. You
>> might to want to turn it off for the interfaces in questions.
AB> Isn't that the default?

Several distributions turn it on as a security measure (so you can
prevent some kinds of IP spoofing on a gateway host without any
filtering rules). At least Debian does turn it on from my recent

Meelis Roos
