Helge Oldach wrote: > > All, > > I wonder whether there are plans to complete implementation of the > "strong ES" model as described in RFC 1122 for multihoming hosts on > FreeBSD. Essentially this would assure that a multihomed host would > send and receive IP packets through the "correct" interface (that is, > the physical interface that is configured with the IP address used in > the packets). > > Currently the incoming part is already present through the > net.inet.ip.check_interface sysctl. If enabled, this would drop packets > which arrive on an interface with a different IP address than the one of > the interface. > > But what about the sending side? This appears to be missing. We would > need to forward packets not according to the routing table, but > according to the source address of the packet (if already defined, > otherwise it would be defined through the routing table first).
This is also called policy routing. > Is anybody aware of this issue? I personally consider this as beneficial > for firewall-type setups. Are there plans to implement it? Claudio and I are (somewhat slower than expected) working on it. We into detail there once we have completet the new natd (release candidate available) and the TCP hostcache (80% done). -- Andre To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message