Hi Lars, Horms,
On Wed, 12 Jan 2000, Lars Marowsky-Bree wrote:
> On 2000-01-12T13:01:37,
> Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx> said:
>
> > eth1/rp_filter=1 when all/rp_filter=1 is a very good reason that the
> > packets are not forwarded. The source validation works by checking the
> > source address and the input interface (eth1 in your case). So, for the
> > test please set */rp_filter=0 or at least eth1/rp_filter=0, i.e. by this
> > way we allow packets with saddr=VIP to be forwarded to another device
> > based on your routing table (eth2).
>
> rp_filter does not control the "drop packets with a src address which is also
> a local interface" IIRC.
In fact, the documentation in
Documentation/networking/ip-sysctl.txt is correct:

    1 - (DEFAULT) Weaker form of RP filtering: drop all the packets
        that look as sourced at a directly connected interface, but
        were input from another interface.

I.e. "drop all the packets that look as sourced at a directly
connected interface (eth2), but were input from another interface (eth1)".
Is it correct?
So, if eth1/rp_filter=1 when all/rp_filter=1 this restriction
works, i.e. all packets coming from eth1 with saddr=VIP (eth2 is
configured with VIP) are dropped. Right?
To forward these packets with saddr=VIP we have to set
eth1/rp_filter=0. This way such packets will be forwarded correctly
through any other interface (eth2). Right?
Sorry that I can't test it.
So, Horms, what are the values in all/rp_filter and eth1/rp_filter
when you are testing? What does tcpdump show? Are you sure that there are no
ARP requests "who has MYROUTER tell VIP"? You can try to delete the ARP
entry before testing:

    RealServer# while true; do arp -d MYROUTER ; sleep 1 ; done

Regards,
Julian Anastasov
----------------------------------------------------------------------
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe, e-mail: lvs-users-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
For additional commands, e-mail: lvs-users-help@xxxxxxxxxxxxxxxxxxxxxx
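
A way to collect the all/rp_filter and per-interface values asked about above and see whether source validation is in effect, as an added example that is not part of the original message. CONF_DIR and the function names are assumptions of this example; the `and` rule is the behaviour the message describes (both all/ and the interface must be set), and the `max` rule is the one later kernels document, where the larger of the two values applies.

```shell
#!/bin/sh
# Added example: effective rp_filter per interface from all/ and IFACE/ values.
# CONF_DIR can be overridden to run the check on a constructed directory tree.
CONF_DIR="${CONF_DIR:-/proc/sys/net/ipv4/conf}"

# rp_filter_effective IFACE [and|max]
#   and: rule described in the message (all/ AND IFACE/ must both be non-zero)
#   max: rule of later kernels (the larger of all/ and IFACE/ is used)
# Prints the effective value; returns 2 if a setting cannot be read.
rp_filter_effective() {
    iface=$1
    rule=${2:-and}
    [ -r "$CONF_DIR/all/rp_filter" ] && [ -r "$CONF_DIR/$iface/rp_filter" ] || return 2
    all=$(cat "$CONF_DIR/all/rp_filter")
    dev=$(cat "$CONF_DIR/$iface/rp_filter")
    case $rule in
        and) if [ "$all" -ne 0 ] && [ "$dev" -ne 0 ]; then echo "$dev"; else echo 0; fi ;;
        max) if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi ;;
        *)   return 2 ;;
    esac
}

# rp_filter_report [and|max]: one line per interface, skipping all/ and default/.
rp_filter_report() {
    rule=${1:-and}
    for d in "$CONF_DIR"/*/; do
        iface=$(basename "$d")
        case $iface in all|default) continue ;; esac
        eff=$(rp_filter_effective "$iface" "$rule") || continue
        if [ "$eff" -eq 0 ]; then
            echo "$iface: source validation off"
        else
            echo "$iface: source validation on (rp_filter=$eff)"
        fi
    done
}
```

Source the file and run `rp_filter_report and` (or `max`) on the machine that forwards the packets; an interface reported as "on" is one where packets arriving with saddr=VIP are subject to the drop described above.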