Spoof protection with redundant routes

Claus Fischer (claus.fischer@clausfischer.com)
Mon, 8 Apr 2002 22:02:15 +0200


I have a box with two redundant CIPE tunnels to a
remote network 10.36.x.x.

Routing table:

Destination  Gateway     Genmask          ...        Iface
...
10.36.1.12   0.0.0.0     255.255.255.255  UH  0 0 0  cipcb3
10.36.1.11   0.0.0.0     255.255.255.255  UH  0 0 0  cipcb1
10.36.0.0    10.36.1.12  255.255.0.0      UG  0 0 0  cipcb3
10.36.0.0    10.36.1.11  255.255.0.0      UG  0 0 0  cipcb1
...

Now when a packet comes in from 10.36.2.2 on cipcb1, the
spoof protection kills it, since the outgoing packet would
take the route via cipcb3 which is first. I didn't quite
expect that initially.

- Is that known and by design?
- Is that the desired behaviour?
- Is there some possibility to change that?
- Do I have a choice other than to turn off rp_filter?

Claus

-- 
Claus Fischer <claus.fischer@clausfischer.com>
http://www.clausfischer.com/
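
An added example, not part of the original message and not kernel code: a small Python model of a reverse-path check run over the routing table quoted above, showing why a strict check drops 10.36.2.2 arriving on cipcb1. The "feasible" and "loose" modes follow the alternatives described in RFC 3704 and are included for comparison; the function names and the mode strings are hypothetical.

```python
import ipaddress

# Constructed from the routing table in the message: (destination, netmask, iface),
# kept in table order, so the first of two equally specific routes wins.
ROUTES = [
    ("10.36.1.12", "255.255.255.255", "cipcb3"),
    ("10.36.1.11", "255.255.255.255", "cipcb1"),
    ("10.36.0.0", "255.255.0.0", "cipcb3"),
    ("10.36.0.0", "255.255.0.0", "cipcb1"),
]

def matching_routes(src, routes=ROUTES):
    """Return (prefixlen, iface) for every route covering src, best first."""
    addr = ipaddress.ip_address(src)
    hits = []
    for dest, mask, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net:
            hits.append((net.prefixlen, iface))
    # Stable sort: longest prefix first, table order breaks ties.
    return sorted(hits, key=lambda h: -h[0])

def rpf_accepts(src, in_iface, mode, routes=ROUTES):
    """Model a reverse-path check on a packet from src arriving on in_iface.

    "strict":   the single best return route must leave via in_iface
    "feasible": some route back to src must leave via in_iface
    "loose":    any route back to src is enough
    """
    hits = matching_routes(src, routes)
    if not hits:
        return False  # no route back at all: dropped in every mode
    if mode == "strict":
        return hits[0][1] == in_iface
    if mode == "feasible":
        return any(iface == in_iface for _, iface in hits)
    if mode == "loose":
        return True
    raise ValueError(f"unknown mode: {mode}")

if __name__ == "__main__":
    for mode in ("strict", "feasible", "loose"):
        for iface in ("cipcb1", "cipcb3"):
            ok = rpf_accepts("10.36.2.2", iface, mode)
            print(f"{mode:8} 10.36.2.2 on {iface}: {'accept' if ok else 'drop'}")
```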