
RE: FW: LVS-Tun and Fwmarks

To: Jeff <golfer2@xxxxxxxxxxxxxx>
Subject: RE: FW: LVS-Tun and Fwmarks
Cc: Joseph Mack <mack.joseph@xxxxxxx>, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, Horms <horms@xxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Tue, 9 Jul 2002 00:34:54 +0000 (GMT)
        Hello,

On Mon, 8 Jul 2002, Jeff wrote:

> Ok, I understand.
>
> So something like:
>
>  iptables -A FORWARD -i eth0 -s 90.0.0.35/32 -j DROP
>  iptables -A INPUT -i eth0 -s 90.0.0.35/32 -j DROP
>
> on the director should plug the hole on the external side?

        Yes, sort of. Maybe the router before the director should
protect you from such spoofing, I'm not sure. If you own the
pubnet then you should configure it on the internal interface and
put only one host route for the uplink router (which is from
the same pubnet). This will make rp_filter work.

Regards

--
Julian Anastasov <ja@xxxxxx>
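
The effect of the layout suggested in the reply, as an added example that is not part of the original message: a simplified model of the strict reverse-path check, comparing a director with the pubnet on the external interface against one with the pubnet on the internal interface plus a single host route for the uplink router. The prefix 90.0.0.0/24, the router address 90.0.0.1, the client 198.51.100.7 and the internal interface name eth1 are assumptions; only eth0 and 90.0.0.35 appear in the thread.

```python
import ipaddress

# Constructed routing tables: (destination prefix, outgoing interface).
# 90.0.0.0/24 as the pubnet, 90.0.0.1 as the uplink router and eth1 as the
# internal interface are assumptions; only eth0 and 90.0.0.35 are in the thread.
PUBNET_ON_EXTERNAL = [
    ("90.0.0.0/24", "eth0"),   # pubnet configured on the external side
    ("0.0.0.0/0", "eth0"),     # default route via the uplink
]
PUBNET_ON_INTERNAL = [
    ("90.0.0.0/24", "eth1"),   # pubnet configured on the internal interface
    ("90.0.0.1/32", "eth0"),   # single host route for the uplink router
    ("0.0.0.0/0", "eth0"),     # default route via the uplink
]

def reverse_path_iface(routes, src):
    """Longest-prefix match: interface the host would use to reach src."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def rp_filter_accepts(routes, in_iface, src):
    """Simplified strict reverse-path check: accept only if the route back
    to src leaves through the interface the packet arrived on."""
    return reverse_path_iface(routes, src) == in_iface

def report(routes):
    cases = [("eth0", "90.0.0.35"),     # pubnet source arriving from outside
             ("eth1", "90.0.0.35"),     # same source arriving from inside
             ("eth0", "90.0.0.1"),      # the uplink router itself
             ("eth0", "198.51.100.7")]  # ordinary outside client
    return {c: rp_filter_accepts(routes, *c) for c in cases}

if __name__ == "__main__":
    for name, table in [("external", PUBNET_ON_EXTERNAL),
                        ("internal", PUBNET_ON_INTERNAL)]:
        for (iface, src), ok in report(table).items():
            print(f"pubnet on {name}: {src} via {iface} ->",
                  "accept" if ok else "drop")
```

With the pubnet routed out of eth0, a packet claiming a pubnet source passes the check on eth0, which is the case the DROP rules cover; with the pubnet on the internal interface the same packet fails the check, while the uplink router and ordinary outside clients still pass.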


