Re: Kernel Routing sequence

From: Meelis Roos
Date: Sun Aug 14 2005 - 15:55:36 EST


>> IP address being a part of an IP network is just plain bitwise
>> calculation and has nothing to do with interfaces.
AB>
AB> This is obvious, but the fact that the Kernel accepted the packet on
AB> eth0 implies it is either part of 10.0.0.0/8 or 10.0.0.0/24.

No, it does not imply. It only implies that it was either sent via a
router that has a link-level connection to eth0 or from a host that has
a link-level connection to eth0.

AB> Yes, but what if your routing requirements are dynamic based on
AB> src/dest-net/mask? Are you saying it is not possible to make such a
AB> routing decision?

What exactly are you trying to achieve?

>> There is one additional thing you might want to have a look at when
>> you are building routers with asymmetric routing: rp_filter. You
>> might want to turn it off for the interfaces in question.
AB>
AB> Isn't that the default?

Several distributions turn it on as a security measure (so you can
prevent some kinds of IP spoofing on a gateway host without any
filtering rules). At least Debian does turn it on from my recent
experiences.

--
Meelis Roos
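
Added example, not part of the original message: a small shell audit that reports the effective rp_filter mode per interface, useful for checking what a distribution has switched on before building an asymmetric-routing setup. It assumes the semantics documented for current kernels (0 = off, 1 = strict, 2 = loose, and the value applied to an interface is the larger of conf/all and conf/<interface>); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Assumption: current kernels apply max(conf/all, conf/<if>) per interface.

rp_mode_name() {
    case "$1" in
        0) echo off ;;      # no source validation
        1) echo strict ;;   # reverse path must use the receiving interface
        2) echo loose ;;    # source must be reachable via any interface
        *) echo unknown ;;
    esac
}

# effective_rp_filter CONF_DIR IFACE -> prints the value the kernel applies
effective_rp_filter() {
    conf=$1; ifc=$2
    all=$(cat "$conf/all/rp_filter") || return 1
    own=$(cat "$conf/$ifc/rp_filter") || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# rp_filter_report [CONF_DIR] -> one "iface value mode" line per interface
rp_filter_report() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    for d in "$conf"/*/; do
        ifc=$(basename "$d")
        # "all" and "default" are templates, not real interfaces
        case "$ifc" in all|default) continue ;; esac
        [ -r "$d/rp_filter" ] || continue
        v=$(effective_rp_filter "$conf" "$ifc") || continue
        echo "$ifc $v $(rp_mode_name "$v")"
    done
}

# build_sample_conf DIR -> constructed sample tree so the script runs offline
build_sample_conf() {
    for spec in all:0 default:1 eth0:1 eth1:0 tun0:2; do
        mkdir -p "$1/${spec%%:*}"
        echo "${spec##*:}" > "$1/${spec%%:*}/rp_filter"
    done
}

# Demo on the constructed tree; call rp_filter_report with no argument
# to audit the live settings under /proc/sys/net/ipv4/conf instead.
demo=$(mktemp -d)
build_sample_conf "$demo"
rp_filter_report "$demo"
rm -rf "$demo"
```

Under the assumed semantics, writing 0 to a single interface's rp_filter does not disable the check while conf/all is still 1, which is why the report prints the effective value rather than the per-interface file alone.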