| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 02 Dec 2011 17:44:03 +0100 From: Michal Soltys <soltys@....info> To: Greg Scott <GregScott@...rasupport.com> Cc: David Lamparter <equinox@...c24.net>, netdev@...r.kernel.org Subject: Re: ebtables on a stick On 11-12-02 17:20, Greg Scott wrote: > OK. But I dunno.... I set eth0 on the router with the same address as > the real host behind it on eth1. So something comes in on eth0 for > 1.2.115.157. The router has that as its own address now, plus a route > to somebody else with the same address on eth1. But as far as the > router/firewall is concerned, that packet is already delivered - why > would it forward it out on eth1? > Where the packet gets delivered is decided by the routing - and the very first table traversed is local - which is auto filled by the kernel. But that routing rule still can be forcibly removed, after which the next matching one is the one added manually - after which the packet will end in FORWARD, instead of INPUT. (and keep in mind earlier David's warning about confusing programs/services - it's still doable, but requires more manual labor - proxy is certianly cleaner and just works) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists