lvs-users
To: | Jeff <golfer2@xxxxxxxxxxxxxx> |
---|---|
Subject: | RE: FW: LVS-Tun and Fwmarks |
Cc: | Joseph Mack <mack.joseph@xxxxxxx>, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, Horms <horms@xxxxxxxxxxxx> |
From: | Julian Anastasov <ja@xxxxxx> |
Date: | Tue, 9 Jul 2002 00:34:54 +0000 (GMT) |
Hello,

On Mon, 8 Jul 2002, Jeff wrote:

> Ok, I understand.
>
> So something like:
>
> iptables -A FORWARD -i eth0 -s 90.0.0.35/32 -j DROP
> iptables -A INPUT -i eth0 -s 90.0.0.35/32 -j DROP
>
> on the director should plug the hole on the external side?

Yes, sort of. Maybe the router before director should
protect you from such spoofing, I'm not sure. If you own the pubnet
then you should configure it on internal interface and put only
one host route for the uplink router (which is from the same pubnet).
This will make rp_filter work.

Regards

--
Julian Anastasov <ja@xxxxxx>
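Added example, not part of the message above: a small model of the strict reverse-path check that rp_filter performs, comparing the two director routing layouts discussed in the reply. The /24 prefix, the uplink router address 90.0.0.1, the internal interface name eth1 and the client address are assumptions made for illustration; only eth0 and 90.0.0.35 come from the thread.

```python
import ipaddress

def table(*entries):
    """Build a routing table from (prefix, interface) pairs."""
    return [(ipaddress.ip_network(net), dev) for net, dev in entries]

def best_route_iface(routes, addr):
    """Longest-prefix match: interface of the most specific route covering addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def rp_filter_accepts(routes, src, in_dev):
    """Strict reverse-path check: accept a packet only if the route back
    to its source address leaves through the interface it arrived on."""
    return best_route_iface(routes, src) == in_dev

# Layout A (assumed): pubnet configured on the external interface eth0.
# The route back to 90.0.0.35 points at eth0, so a packet spoofing that
# source from outside passes the check and needs the iptables DROP rules.
PUBNET_EXTERNAL = table(
    ("90.0.0.0/24", "eth0"),
    ("0.0.0.0/0", "eth0"),
)

# Layout B (from the reply): pubnet on the internal interface, plus a
# single host route for the uplink router on the external side.
PUBNET_INTERNAL = table(
    ("90.0.0.0/24", "eth1"),   # assumed internal interface name
    ("90.0.0.1/32", "eth0"),   # assumed uplink router address
    ("0.0.0.0/0", "eth0"),
)

def report(routes):
    """Run the constructed sample packets through the check."""
    packets = [
        ("90.0.0.35", "eth0"),     # pubnet source arriving from outside (spoofed)
        ("90.0.0.35", "eth1"),     # same source arriving from the inside
        ("90.0.0.1", "eth0"),      # the uplink router itself
        ("198.51.100.7", "eth0"),  # ordinary outside client (constructed)
    ]
    return {p: rp_filter_accepts(routes, *p) for p in packets}

if __name__ == "__main__":
    for name, routes in (("A", PUBNET_EXTERNAL), ("B", PUBNET_INTERNAL)):
        for (src, dev), ok in report(routes).items():
            print(name, src, dev, "accept" if ok else "drop")
```

In layout B the host route is what keeps the uplink router reachable through eth0 while every other pubnet source is expected on eth1.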