Re: Asymmetric routing and connection tracking

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tore Anderson <tore@linpro.no>
To: Thomas Jacob <jacob@internet24.de>
Cc: netfilter@lists.netfilter.org
Subject: Re: Asymmetric routing and connection tracking
Date: Wed, 08 Aug 2007 09:55:25 +0200	[thread overview]
Message-ID: <46B976ED.30902@linpro.no> (raw)
In-Reply-To: <1186494447.28140.57.camel@localhost>

* Thomas Jacob

> So in the scenario described, R1 wouldn't do any stateful packet 
> filtering for packets to and from the internal server network? But 
> the connections will be added to the connection tracking table of R1
> nonetheless (unless you use the NOTRACK target in raw), only not with
> an ESTABLISHED state which probably means they timeout more often
> than needed and you have more insert/remove actions over the
> connection tracking hash table, maybe that's the source of your
> problem.
> 
> You could try the NOTRACK/raw thing on the (internal-)standby-router,

  Hmm.  I was not aware of NOTRACK/raw.  This is very interesting and
 on first look it seems like exactly the thing I needed.  Thank you very
 much for the pointer!  I'll dig into it now.  :-)

Regards
-- 
Tore Anderson

     prev parent reply	other threads:[~2007-08-08  7:55 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-08-07  7:06 Asymmetric routing and connection tracking Tore Anderson
2007-08-07 11:59 ` Thomas Jacob
2007-08-07 13:19   ` Tore Anderson
2007-08-07 13:47     ` Thomas Jacob
2007-08-08  7:55       ` Tore Anderson [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=46B976ED.30902@linpro.no \
    --to=tore@linpro.no \
    --cc=jacob@internet24.de \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.