search for: rp_filter

Displaying 20 results from an estimated 154 matches for "rp_filter".

2011 Dec 16
1
[Bug 680] Packets disappear after NAT on 2nd gateway
...ed |Added ---------------------------------------------------------------------------- CC| |MidSpeck at hotmail.com --- Comment #8 from Willie <MidSpeck at hotmail.com> 2011-12-16 21:29:19 --- I would again double-check that rp_filter is disabled. Changes were made in kernel version 2.6.31 regarding how rp_filter settings were calculated. That seems right around the time you started seeing the issue in your tests. Make sure you check default, all, and the specific interfaces under /proc/sys/net/ipv4/ Set them all to 0 for test...
2004 Aug 09
1
rp_filter and fib_validate_source sequence in KPTD
...suggests that this happens in fib_validate_source() (in fib_frontend.c) which is only called by route.c. I tried following the diagram by Mathieu Lafon to see if fib_validate_source() is called in ip_rcv() (in ip_input.c), but I don't read C very well, so I could well be missing where the rp_filter validation is occurring. If I understand the path correctly, the functions are traversed in this order (from most deeply nested first): fib_validate_source() ip_route_input_slow() ip_route_input() ip_rcv_finish() ip_rcv() It seems that ip_rcv() (in ip_input.c) calls the following, and...
2007 Feb 10
0
multiple default routes, rp_filter and martians
...ly weighted. I am seeing, periodically, traffic dropped due to martian detection and errors logged on inbound traffic, but at other times, that same exact traffic will be allowed, no errors. My supposition is this: If I use "ip route get <source_addr>" for the source address that rp_filter is dropping traffic from I can see that it's reporting that traffic to that address would use the alternate ISP interface from the one it's being received on (and logged as a martian and dropped). If I continue to use ip get route on that address eventually it will report the int...
2007 Feb 18
7
client disconnecting
Hi, I have two connections to the Internet. I implemented the load balancing as described in chapter 4.2 "Routing for multiple uplinks/providers". The problem that occurred is that client applications like Yahoo Messenger or even PuTTY (SSH client) are losing the connection very often. Has anyone experienced this problem? Does anyone know a workaround for this problem?
2004 Oct 25
0
Shorewall 2.0.10
...--------- New Features in 2.0.10 The "shorewall status" command has been enhanced to include the values of key /proc settings: Example from a two-interface firewall: /proc /proc/sys/net/ipv4/ip_forward = 1 /proc/sys/net/ipv4/conf/all/proxy_arp = 0 /proc/sys/net/ipv4/conf/all/arp_filter = 0 /proc/sys/net/ipv4/conf/all/rp_filter = 0 /proc/sys/net/ipv4/conf/default/proxy_arp = 0 /proc/sys/net/ipv4/conf/default/arp_filter = 0 /proc/sys/net/ipv4/conf/default/rp_filter = 0 /proc/sys/net/ipv4/conf/eth0/proxy_arp = 0 /proc/sys/net/ipv4/conf/eth0/arp_filter = 0 /proc/...
2005 Jun 17
4
linux ip forwarding problem
...we have done to enable IP forwarding on the RH7.2 node are: (1) In /etc/sysconfig/network, add "FORWARD_IPV4=yes" (2) "echo 1 > /proc/sys/net/ipv4/ip_forward". (3) Change "net.ipv4.ip_forward=1" in /etc/sysctl.conf. (4) "echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter" "echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter" (5) We tried "iptables -F" to flush the rules, but ip forwarding still doesn't work, so we add some rules as follows. We run "iptables" to configure firewall to enable IP forwarding. iptables -A FORWARD...
2004 Aug 17
0
TCP load balance
...it works great. I have to say I had some trouble with arp flux problem, but, I suppose if I've been able to make the three links download at the same time it's correct to suppose that the arp flux is corrected. Tweaks to /proc echo "0" > /proc/sys/net/ipv4/conf/all/rp_filter echo "0" > /proc/sys/net/ipv4/conf/eth0/rp_filter echo "0" > /proc/sys/net/ipv4/conf/eth1/rp_filter echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter echo "0" > /proc/sys/net/ipv4/conf/eth3/rp_filter echo "0" > /proc/sys/net/ipv4/conf...
2004 Aug 18
0
outgoing TCP load balance
...it works great. I have to say I had some trouble with arp flux problem, but, I suppose if I've been able to make the three links download at the same time it's correct to suppose that the arp flux is corrected. Tweaks to /proc echo "0" > /proc/sys/net/ipv4/conf/all/rp_filter echo "0" > /proc/sys/net/ipv4/conf/eth0/rp_filter echo "0" > /proc/sys/net/ipv4/conf/eth1/rp_filter echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter echo "0" > /proc/sys/net/ipv4/conf/eth3/rp_filter echo "0" > /proc/sys/net/ipv4/conf...
2006 Feb 20
5
Proxy ARP and UDP
Woops - my fat fingers hit the send key before I could put in a subject a minute ago. Hello - I am using kernel 2.4.27 and running into behavior I don't know how to explain. I have 2 relevant interfaces. eth0 is external, eth1 is internal. My internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied up). I have an H.323 videoconference device inside my internal
2007 Jul 19
0
tc qdisc TEQL limited to two interfaces? [ 1.8Gbps ]
...addr flush dev eth2 ip addr flush dev eth3 ip addr flush dev eth4 ip addr flush dev teql0 ip addr add dev eth1 10.0.0.3/31 ip addr add dev eth2 10.0.0.5/31 #ip addr add dev eth3 10.0.0.7/31 #ip addr add dev eth4 10.0.0.9/31 ip addr add dev teql0 10.0.0.11/31 echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter echo 0 > /proc/sys/net/ipv4/conf/eth3/rp_filter echo 0 > /proc/sys/net/ipv4/conf/eth4/rp_filter route add -host 10.0.0.2 gw 10.0.0.10 route add -host 10.0.0.4 gw 10.0.0.10 route del -host 10.0.0.6 gw 10.0.0.10 route del -host 10.0.0.8 gw 10.0...
2005 Jul 12
0
Teql and NetEm can't work together
...ot handle 1: netem delay 10ms # tc qdisc add dev eth0 parent 1:1 handle 10: teql0 # tc qdisc add dev eth1 root teql0 # ip link set dev teql0 up # ip addr add dev eth0 10.0.0.1/30 # ip addr add dev eth1 10.0.0.5/30 # ip addr add dev teql0 10.0.0.9/30 # echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter # echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter [root@machine1]# tc qdisc ls qdisc netem 1: dev eth0 limit 1000 delay 100.0ms qdisc teql0 10: dev eth0 parent 1:1 qdisc teql0 8001: dev eth1 qdisc pfifo_fast 0: dev teql0 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 Destination Gatewa...
2005 Dec 13
3
Some questions
...look like a software firewall, but rather would look like a machine that had no open ports. Does this sound reasonable? What would all of you do? 2. I also read on some website that it is important to use this line in the setup for iptables: echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter What does this do (it said something about spoofing, but I did not understand), and is it necessary? Thank you all for your enlightenment! Robb
2006 Jul 06
2
routing ssh to secondary uplink
Hello, I'm following this HOWTO http://linux-ip.net/html/adv-multi-internet.html to route outgoing SSH from a secondary ISP. I can see using tcpdump,jnettop,iftop that when one of the computers located in my internal network is trying to SSH to a box online using SSH, packets are routed via the secondary internet ethernet card. However, packets don't seem to know how to get back.
2004 Sep 18
2
heavy uploads
Hi all, I am using Iptables+TC+HTB on Redhat 9, working fine with the bandwidth control. I am tagging my eth1 with Vlan interface with Cisco Switch. Even though I have mentioned ceil, it's crossing more than Ceil when they are affected by a virus in their network or DoS attacks. It should control to the mentioned Ceil, right? Why are these uploads increasing.. when the uploads are increased all the
2006 Feb 17
2
Packet vanishes after mangle-prerouting.
Can anyone tell me whether I have a routing problem, or an openVPN problem, or something else? I've stared at this for so long I think I must be looking in the wrong place! I have 3 machines: Machine A has single ethernet card, eth0, 192.168.5.5 Machine B has eth0, 192.168.5.? on the local net, eth1, 81.2.x.y to the internet, and
2004 Jul 26
1
Load Balancing
...t running in my server: #================================================= P0_NET=10.0.1.0/24 IF0=eth1 IP0=10.0.1.1 IF1=eth0 IP1=xxx.xxx.xxx.7 P1_NET=xxx.xxx.xxx.0/24 P1=xxx.xxx.xxx.1 IF2=eth2 IP2=yyy.yyy.yyy.21 P2_NET=yyy.yyy.yyy.0/24 P2=yyy.yyy.yyy.1 echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter echo 3 > /proc/sys/net/ipv4/route/gc_elasticity echo 1 > /proc/sys/net/ipv4/route/gc_interval echo 0 > /proc/sys/net/ipv4/route/gc_timeout ip route flush cache ip route flush all ip route flush table modem0 ip route flush table modem1 i...
2019 Dec 06
1
VPN connections subject to hijack attack
...is affects all VPNs and is a consequence of using "loose" reverse path > filtering for anti-spoofing. The default CentOS setting is strict filtering > but you may have changed this to loose for some unusual routing situations. > Check that the value of /proc/sys/net/ipv4/conf/all/rp_filter is still set > to 1. If it's set to 2 (loose filtering), you're vulnerable. > So for ipv4 CentOS 7 and 8 may not be vulnerable out of the door (they set to 1 versus 0 which the announcement says is kernel default and safe). However, they found ipv6 works without rp_filter so this is a...
2003 Feb 03
4
[Bug 40] system hangs, Availability problems, maybe conntrack bug, possible reason here.
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-02-03 16:49 ------- We haven't seen this
2006 Oct 30
3
Application 500 Errors
Configuration: (2) Dual Core Opterons 8GB RAM Apache used to balance 40 mongrel instances We receive Application 500 Errors. Nothing suspect appears in the log, so we are at a loss as to what to do next. Any advice would be welcome and/or an explanation of what types of things cause Application 500 Errors in mongrel. Thanks! - Jared Brown -------------- next part -------------- An HTML
2004 Sep 27
9
masq - pings and connections get dropped after PREROUTING?
Hello, I have a pretty standard two-interface setup with masquerading, so the local network can connect through the firewall to the Internet. On the firewall box (trevor), eth0 is connected to a cable modem and eth1 is connected to the local network via a crossed cable. There is one other machine on the local network (brian), whose eth0 is at the other end of the crossed cable. I used to have