unsubscribe

2002-08-10 Thread Manuel Böhm 


-- 

Mit freundlichen Gruessen

Manuel Boehm

_
[EMAIL PROTECTED] -- Internetdienstleistungen
Böhm und Schröder GbR
Kanalstrasse 11
D-30159 Hannover
Fon: 05 11 / 161 57 02
Fax: 05 11 / 161 57 03
URL: http://www.energy-at-work.net

Besuchen Sie auch: www.webelch.de
Unser e-zine rund ums Internet
_

Re: Woody routing question...

2002-08-10 Thread Ted Deppner 
On Fri, Aug 09, 2002 at 11:00:21PM +0200, Marc Haber wrote:
 On Fri, 9 Aug 2002 10:19:36 -0700, Ted Deppner [EMAIL PROTECTED] wrote:
 If you want to be able to use both IPs from either network (a common
 occurance even if you didn't plan it), you should probably turn off
 RP_FILTER in the kernel.
 
 Why?

rp_filter will drop packets coming in interface A that have a source in
the network of interface B.  It essentially polices that packets that
should come in B have to come in B.  In a well connected mesh, it's
possible to have network B devices route packets through to interface A
(interface B's cable unplugged, route to B becomes available through A;
arp behavior in two NIC networks on the same switch can exhibit this
behavior sometimes as well).

This is only usually a concern where you have two interfaces facing the
same general network traffic.

 use tcpdump -e to actually see the MAC addresses where the packets are
 sent to.

Good point!

-- 
Ted Deppner
http://www.psyber.com/~ted/

Re: Woody routing question...

2002-08-10 Thread Marc Haber 
On Sat, 10 Aug 2002 07:49:14 -0700, Ted Deppner [EMAIL PROTECTED]
wrote:
On Fri, Aug 09, 2002 at 11:00:21PM +0200, Marc Haber wrote:
 On Fri, 9 Aug 2002 10:19:36 -0700, Ted Deppner [EMAIL PROTECTED] wrote:
 If you want to be able to use both IPs from either network (a common
 occurance even if you didn't plan it), you should probably turn off
 RP_FILTER in the kernel.
 
 Why?

rp_filter will drop packets coming in interface A that have a source in
the network of interface B.  It essentially polices that packets that
should come in B have to come in B.

Notice source address. So, rp_filter's setting is irrelevant when it
comes to reaching _any_ ip address of the local host as long as it
comes in from the interface that matches the source address.

This is only usually a concern where you have two interfaces facing the
same general network traffic.

Or when you suspect IP spoofing.

Greetings
Marc

-- 
-- !! No courtesy copies, please !! -
Marc Haber  |Questions are the | Mailadresse im Header
Karlsruhe, Germany  | Beginning of Wisdom  | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG Rightful Heir | Fax: *49 721 966 31 29