Hi Aleksey
I don't think your roles will brake with this command and if you want to
have this permanent just put the follow line in your firewall rule
for interface in /proc/sys/net/ipv4/conf/*/rp_filter; do
/bin/echo "0" > ${interface}
done
This helps make sure that packets use legitimate source addresses, by
automatically rejecting incoming packets if the routing table entry for
their source address doesn't match the network interface they're arriving
on. This has security advantages because it prevents so-called IP spoofing,
however it can pose problems if you use asymmetric routing (packets from you
to a host take a different path than packets from that host to you) or if
you operate a non-routing host which has several IP addresses on different
interfaces.
regards
Ignat
-----Original Message-----
From: Aleksey Zakharov [mailto:aleksey_freeswan_at_yahoo.com]
Sent: Monday, 6 May 2002 15:40
To: users_at_lists.freeswan.org
Subject: [Users] /proc/sys/net/ipv4/conf/eth0/rp_filter = `1', should be 0
Hello,
When i restart my ipsec i get the following.
# service ipsec restart
ipsec_setup: Stopping FreeS/WAN IPsec...
ipsec_setup: Starting FreeS/WAN IPsec 1.97...
ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not work
ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = `1', should be 0)
I am not sure if this change will brake my firewall (Shorewall)
also if i do change it how can i do so and what is the file to make this
change permanent. i think it is somewhere in /etc/ .
Can anyone please explain what this means and what i should do, thanks
allot.
_____
Do You Yahoo!?
Yahoo! Health <http://rd.yahoo.com/welcome/*http://health.yahoo.com> - your
guide to health and wellness
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST