On Fri, May 24, 2002 at 05:40:24PM +1000, Andrew Smith wrote:
> Sorry - not really netfilter related ...
> But I was wondering if you meant that typical ISPs in the USA use
> egress filters to stop people from supplying a source IP address that is
> not directly assigned to them and thus stop anyone from having a
> multi-homed system with out-bound routing not directly based on the ISP
> source the packet was routed in?
> This is something I have done for a long time (with a previous ISP
> during a change over to a new ISP and with both of my current ADSL ISPs)
> and I'd like to know if this is something new that I can expect to start
> causing me problems (or have I completely misunderstood the original
> discussion)
> Feel free to reply off list if others on the list might not want to
> have to skip the replies.

This should explain what I was talking about way better than I could do
it myself:
http://www.sans.org/y2k/egress.htm

As far as being multi-homed, you'd have to make sure that IPs from the
new ISP went across their network and IPs from the old ISP went across
their network on the outbound. Or you'd have to get your providers to
cooperate with you.

-- 
Ben Reser <[EMAIL PROTECTED]>
http://ben.reser.org

We tend to see all wars through the lens of the current conflict, and
we mine history for lessons convenient to the present purpose.
- Brian Hayes
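
An added example, not part of the original message: one way to keep each ISP's addresses on that ISP's link is source-based policy routing with iproute2. The uplink names, table ids, interfaces and addresses (RFC 5737 documentation ranges) are constructed assumptions; the script only prints the commands and reports which uplink a given source address belongs to.

```shell
#!/bin/sh
# Constructed sample uplinks (not from the thread):
# name, routing table id, assigned prefix, gateway, interface.
UPLINKS='ispA 101 192.0.2.0/24 192.0.2.1 eth1
ispB 102 198.51.100.0/24 198.51.100.1 eth2'

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside CIDR prefix $2.
in_prefix() {
    net=${2%/*}; len=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Print the uplink whose assigned prefix contains source address $1,
# i.e. the only provider whose egress filter would accept that source.
# Prints nothing when no uplink owns the address.
uplink_for_source() {
    echo "$UPLINKS" | while read -r name table prefix gw dev; do
        if in_prefix "$1" "$prefix"; then echo "$name"; fi
    done
}

# Emit (do not execute) the iproute2 commands that send traffic sourced
# from each provider's prefix out through that provider's gateway.
policy_routing_cmds() {
    echo "$UPLINKS" | while read -r name table prefix gw dev; do
        echo "ip route add default via $gw dev $dev table $table"
        echo "ip rule add from $prefix lookup $table"
    done
}

policy_routing_cmds
```

Review the printed commands before running them as root; a source address for which `uplink_for_source` prints nothing matches no rule and would leave via the main table's default route.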