Date: Mon, 14 Aug 2000 18:45:40 -0500 (CDT) From: Mike Meyer <mwm@mired.org> To: gerti-freebsdq@bitart.com Cc: questions@freebsd.org Subject: Re: Routing based on source IP? Message-ID: <14744.33956.296043.288496@guru.mired.org> In-Reply-To: <20000814233710.12115.qmail@camelot.bitart.com> References: <14744.32653.437890.388308@guru.mired.org> <20000814233710.12115.qmail@camelot.bitart.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Gerd Knops writes: > Mike Meyer wrote: > > Gerd Knops writes: > > Note that for protection purposes, source routing is generally > > frowned on, as it's to easily forged. You throw out packets from the > > outside world claiming to come from the inside world, and otherwise > > don't trust the source. > If I understand correctly, what I want isn't necessarily the same as > the frowned upon 'source routing' (though I might be wrong). The key words are "for protection purposes". If you're trying to do this to keep hostile users from doing something, it won't work very well. If you're trying to do load or cost balancing or some such, then it's not "for protection purposes". Just remember that forging source addresses is pretty trivial, so if someone wants to avoid this, they will. <mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14744.33956.296043.288496>