RE: FW: LVS-Tun and Fwmarks

To:	Jeff <golfer2@xxxxxxxxxxxxxx>
Subject:	RE: FW: LVS-Tun and Fwmarks
Cc:	Joseph Mack <mack.joseph@xxxxxxx>, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, Horms <horms@xxxxxxxxxxxx>
From:	Julian Anastasov <ja@xxxxxx>
Date:	Tue, 9 Jul 2002 00:34:54 +0000 (GMT)

        Hello,

On Mon, 8 Jul 2002, Jeff wrote:

> Ok, I understand.
>
> So something like:
>
>  iptables -A FORWARD -i eth0 -s 90.0.0.35/32 -j DROP
>  iptables -A INPUT -i eth0 -s 90.0.0.35/32 -j DROP
>
> on the director should plug the hole on the external side?

        Yes, sort of. May be the router before director should
protect you from such spoofing, I'm not sure. If you own the
pubnet then you should configure it on internal interface and
to put only one host route for the uplink router (which is from
the same pubnet). This will make rp_filter to work.

Regards

--
Julian Anastasov <ja@xxxxxx>

<Prev in Thread]	Current Thread	[Next in Thread>
Re: FW: LVS-Tun and Fwmarks, (continued) Re: FW: LVS-Tun and Fwmarks, Julian Anastasov Re: FW: LVS-Tun and Fwmarks, Joseph Mack Re: FW: LVS-Tun and Fwmarks, Julian Anastasov Re: FW: LVS-Tun and Fwmarks, Joseph Mack RE: FW: LVS-Tun and Fwmarks, Jeff Re: FW: LVS-Tun and Fwmarks, Joseph Mack RE: FW: LVS-Tun and Fwmarks, Julian Anastasov RE: FW: LVS-Tun and Fwmarks, Jeff RE: FW: LVS-Tun and Fwmarks, Julian Anastasov RE: FW: LVS-Tun and Fwmarks, Jeff RE: FW: LVS-Tun and Fwmarks, Julian Anastasov <= Re: FW: LVS-Tun and Fwmarks, Joseph Mack Re: FW: LVS-Tun and Fwmarks, Julian Anastasov Re: FW: LVS-Tun and Fwmarks, Joseph Mack

Previous by Date:	RE: FW: LVS-Tun and Fwmarks, Jeff
Next by Date:	Re: maxconns per real server, Horms
Previous by Thread:	RE: FW: LVS-Tun and Fwmarks, Jeff
Next by Thread:	Re: FW: LVS-Tun and Fwmarks, Joseph Mack
Indexes:	[Date] [Thread] [Top] [All Lists]