Date: Mon, 14 Aug 2000 22:05:38 -0500
From: Dan Nelson <dnelson@emsphone.com>
To: Mike Meyer <mwm@mired.org>
Cc: gerti-freebsdq@bitart.com, questions@FreeBSD.ORG
Subject: Re: Routing based on source IP?
Message-ID: <20000814220538.B24766@dan.emsphone.com>
In-Reply-To: <14744.33956.296043.288496@guru.mired.org>; from "Mike Meyer" on Mon Aug 14 18:45:40 GMT 2000
References: <14744.32653.437890.388308@guru.mired.org> <20000814233710.12115.qmail@camelot.bitart.com> <14744.33956.296043.288496@guru.mired.org>

In the last episode (Aug 14), Mike Meyer said:
> Gerd Knops writes:
> > Mike Meyer wrote:
> > > Note that for protection purposes, source routing is generally
> > > frowned on, as it's too easily forged. You throw out packets from
> > > the outside world claiming to come from the inside world, and
> > > otherwise don't trust the source.
> >
> > If I understand correctly, what I want isn't necessarily the same
> > as the frowned upon 'source routing' (though I might be wrong).
>
> The key words are "for protection purposes". If you're trying to do
> this to keep hostile users from doing something, it won't work very
> well. If you're trying to do load or cost balancing or some such,
> then it's not "for protection purposes". Just remember that forging
> source addresses is pretty trivial, so if someone wants to avoid
> this, they will.

He's not talking about source routing, though. Source routing means
embedding routing information in a packet to try and force an
intermediate router to route that packet differently. Gerd just has
two interfaces on his box, and he wants to be able to select which
interface a particular packet is going to go out on, based on its
source address.

--
Dan Nelson
dnelson@emsphone.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message