Hello, Yes, I forgot about that requirement. The danger is for services like echo/7/udp (see /etc/services) but anyways, such spoofing should be prevented in the uplink router by dropping packets wit
I've been arguing with myself over the risk of setting accept_local to 1. Our operations staff would really like to be able to test connections while ssh'd into the director, but the idea that Bad Gu
Hello Julian, Your answer helped me solve the problem: Since the box has its public facing interface setup with $DIP and an alias interface for the $VIP I needed to make one more additional setting s
Hello, Probably because VIP is used as source IP in director. Try ip route replace local $VIP dev $DEV proto kernel scope host src $DIP where VIP is your virtual IP and DIP is your unique IP in direc
I have a pretty simple setup for 2 real servers getting direct routing from a linux director. [image: unnamed.png] Things work great for clients outside of the network (like from my local machine), b