From: Amit Gandhi <subscribeamit@yahoo.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Forwarded traffic bypassing filter
Date: Fri, 17 Oct 2003 14:59:51 +0000 [thread overview]
Message-ID: <marc-lartc-106640327517152@msgid-missing> (raw)
In-Reply-To: <marc-lartc-106634010031680@msgid-missing>
I think there are ways to apply filters to
PreRouting/Forward/PostRouting stages, I might need to MARK these
packets using 'iptables' & then maybe use the FW filter, but what I want
to understand is if u32 filter can do the same job without marking the
packets?
The reason for such a configuration is to make it look like one flat
network & all these address are managed by one single central DHCP
server. There are reasons for not using it as a bridge, but that drifts
us away from the problem at hand. Suffice to say, all this works,
machineX can get to machine2 & machine2 can get to any of the machineX.
Thanks,
+Amit
--- Lawrence MacIntyre <lpz@ornl.gov> wrote:
> <being extremely subtle...>
>
> I haven't looked at the code, but the path these packets take through
> the IP stack may be "unusual". You have configured your network in a
> very strange manner. Generally, for ethernet networks, you want all
> interfaces in the same subnet to be on the same broadcast network.
> You
> might have better luck if you make Machine1 a bridge or a normal IP
> router. Is there a reason why you have configured your network in
> this
> way?
>
> On Fri, 2003-10-17 at 09:25, Amit Gandhi wrote:
> > The netmask is /8 in my config, but it can be /24 (doesn't matter a
> > whole lot). The traffic is not being bridged at Machine1, its simple
> > routing coz I've setup a route & ARP entry for Machine2 on Machine1
> and
> > IP Forwarding, Proxy ARP is enabled on Machine1.
> >
> > Thanks
> >
> > --- Lawrence MacIntyre <lpz@ornl.gov> wrote:
> > > Is the netmask actually /24 instead of /8 or are you bridging the
> > > traffic with Machine1?
> > >
<SNIP>
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2003-10-17 14:59 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-10-16 21:26 [LARTC] Forwarded traffic bypassing filter Amit Gandhi
2003-10-17 12:38 ` Lawrence MacIntyre
2003-10-17 13:25 ` Amit Gandhi
2003-10-17 13:31 ` Lawrence MacIntyre
2003-10-17 14:59 ` Amit Gandhi [this message]
2003-10-17 21:17 ` Amit Gandhi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-106640327517152@msgid-missing \
--to=subscribeamit@yahoo.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.