From: Julian Anastasov <ja@ssi.bg>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] local address routeable?
Date: Wed, 16 Jul 2003 18:31:41 +0000
Message-ID: <marc-lartc-105838037623379@msgid-missing>
In-Reply-To: <marc-lartc-105756545820436@msgid-missing>


	Hello,

On Mon, 7 Jul 2003, Christian Stuellenberg wrote:

> I've got a problem to set up a configuration that should allow to route
> packets that come in over a certain interface(s) IF1 that then should
> go out to another interface IF2 but are addressed to the local address
> of interface IF3.  So only if packets for the address of interface IF3
> come in over interface IF3 they should be locally accepted.

	Yes, you have a big problem. Starting from kernels 2.4
and above the routing requires valid source IPs for output
routes. Even if you deliver locally the incoming traffic your
servers can not generate reply if the src IP is not local IP.
What I do not understand from your posts is what is the main
goal? Also, what means "..."? Please, draw picture with all
wires and all kinds of hardware involved: hubs, routers, subnets.

>             +------+
> +---IF2/IP2-| HOST |-IF1/IP1---...LAN
> .           +------+
> .              |
> .           IF3/IP3
> |              |
> |              |
> |              |
> +-Internet--...+

> If I'm right, this should tell me, that the kernel now no longer can
> recognize its IP3?!

	Yes, the routing code does additionally lookup for
IPs configured on interfaces (yet). The routing decisions are
based on:

- routing table lookups
- IP lookups and checks

> So, is it possible to do what I wanted to do or did I do something
> not the right way?

	I'm not sure there is a right way. The task is not trivial.
Maybe in some next kernel that allows the admin to create any
route and not to apply any IP checks. You now do not have the
full right to add any routes, that is the problem. You can not
control the spoofing checks when saddr=local_IP, the preferred
src IP must be local IP.

> I'm sorry if this question has been asked over and over again, but I
> have googled and looked into the archives but haven't found a solution
> that fits my needs.
>
> Best regards,
> Christian

Regards

--
Julian Anastasov <ja@ssi.bg>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
