From: Vincent Jaussaud <tatooin@kelkoo.com>
To: lartc@vger.kernel.org
Subject: Re: Re: [LARTC] multipath routing problem [Shorter version] - Help
Date: Mon, 28 Oct 2002 14:29:06 +0000 [thread overview]
Message-ID: <marc-lartc-103581545714031@msgid-missing> (raw)
In-Reply-To: <marc-lartc-103555678715833@msgid-missing>
>
> It seems you can safely alter the TOS for all packets
> entering your box/site.
>
Ok, I'll dig into this tip, and see how it goes.
If I can't figure out this NAT problem, I'll do this.
> May be you can hunt it with tcpdump. I assume your are
> using the patches because the plain kernel has the same problem
> for NAT.
>
Yes, I am running your patch. Kernel is 2.2.22 with routes-2.2.20-7.diff
patch applied. (I'm sure of this, otherwise dead gateway detection will
simply not work.)
My question is, if we ensure that EVERY packets, whatever path they use
to arrive, finally pass through a single peer doing NAT, is this suppose
to work around my TOS problem ?
Eg, end services will only see packets coming from the last NAT address,
which is single whatever path packets used to arrive.
Something like:
LAN --> Multipath Firewall
| |
GW1 GW2
| |
-------------------
|
Gateway
(NAT)
|
--------- Remote Network
What about the rp_filter kernel value ? Could it be a problem in such
setup ?
Thanks again.
Vincent.
> > A big thanks to both of you. I've learned a lot today :)
> >
> > Thanks again.
> > Regards,
> > Vincent.
>
> Regards
>
> --
> Julian Anastasov <ja@ssi.bg>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
--
Vincent Jaussaud
Kelkoo.com Security Manager
email: tatooin@kelkoo.com
"The UNIX philosophy is to design small tools that do one thing, and do
it well."
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2002-10-28 14:29 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-25 14:38 Re: [LARTC] multipath routing problem [Shorter version] - Help Vincent Jaussaud
2002-10-25 14:55 ` Julian Anastasov
2002-10-25 15:31 ` Vincent Jaussaud
2002-10-25 16:12 ` Julian Anastasov
2002-10-25 18:15 ` Vincent Jaussaud
2002-10-25 18:17 ` Arthur van Leeuwen
2002-10-25 18:21 ` Arthur van Leeuwen
2002-10-25 18:44 ` Vincent Jaussaud
2002-10-25 18:45 ` Julian Anastasov
2002-10-25 19:13 ` Vincent Jaussaud
2002-10-25 19:28 ` Julian Anastasov
2002-10-28 14:29 ` Vincent Jaussaud [this message]
2002-10-28 22:21 ` Julian Anastasov
2002-10-29 16:32 ` Vincent Jaussaud
2002-10-29 22:31 ` Julian Anastasov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-103581545714031@msgid-missing \
--to=tatooin@kelkoo.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.