
hannah commodore wrote:
On 15/09/2011, at 11:08, Deon George <dgeorge@au1.ibm.com> wrote:
My laptop has been very successful in communicating with C5 hosts via eth0 address and ppp0 address. Specifically, on my laptop, when I connect to A.B.C.x, the packet arrives on the host on the ppp0 interface, and the reply goes out the eth0 interface (because of a default 10/8 route via that interface). Obviously if I talk to the host on its 10.10.3.0/26 address, the packet arrives and leaves via the eth0 interface.
CentOS 5 obviously has the sysctl rp_filter disabled, and the others have enabled it.
rp_filter will check incoming source address against its own interface addresses, to try and prevent address spoofing.
Disable it in /etc/sysctl.conf and you should be good.
RPF is a Good Thing. Rather than disabling it entirely, I recommend turning it off only on interfaces where it doesn't DTRT. Further, recent kernels have rp_filter=2 (i.e. "weak" RPF); if =1 doesn't work, try =2 before =0.
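A check that is useful before changing rp_filter per interface, added here as an example and not part of any post in the thread: on kernels that support rp_filter=2, the kernel's ip-sysctl documentation states that source validation on an interface uses the max of `conf/all/rp_filter` and `conf/<iface>/rp_filter`, so a per-interface 0 has no effect while `all` is 1. The `CONF_ROOT` override and the function names are assumptions of this example.

```shell
#!/bin/sh
# Show the rp_filter mode actually in effect on each interface.
# Rule used (kernels with rp_filter=2 support): effective = max(all, iface).

# CONF_ROOT is this example's own knob, so the logic can be pointed at a
# constructed directory tree instead of the live /proc.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Map the numeric mode to a name; 2 is the "weak" RPF mentioned in the thread.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# effective_rp_filter IFACE: print the numeric mode in effect on IFACE.
effective_rp_filter() {
    all_file="$CONF_ROOT/all/rp_filter"
    if_file="$CONF_ROOT/$1/rp_filter"
    [ -r "$all_file" ] && [ -r "$if_file" ] || return 1
    all_val=$(cat "$all_file")
    if_val=$(cat "$if_file")
    if [ "$all_val" -gt "$if_val" ]; then echo "$all_val"; else echo "$if_val"; fi
}

# report: one line per interface with the configured and effective values.
report() {
    for dir in "$CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface") || continue
        printf '%s all=%s iface=%s effective=%s (%s)\n' "$iface" \
            "$(cat "$CONF_ROOT/all/rp_filter")" \
            "$(cat "$CONF_ROOT/$iface/rp_filter")" \
            "$eff" "$(rp_mode_name "$eff")"
    done
}

# Run as: sh script.sh report
if [ "${1:-}" = "report" ]; then report; fi
```

An interface whose line shows `iface=0` but `effective=1` is still being strictly filtered; relaxing it means lowering `all` and setting 1 explicitly on the interfaces that should stay strict.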