multihomed host and anti-spoofing filters

From: Tobias Oetiker (oetiker@ee.ethz.ch)
Date: Tue Jan 11 2005 - 02:13:37 EST


Hi,

We have a multi-homed Solaris box serving as a boot-server in several
subnets. The machine does not route.

Our Networking People now want to introduce anti-spoofing filters
on each of the subnets' routers/switches.

This raises an interesting problem.

When a client host opens a connection to the multi-homed server's main
interface (which is not in the local subnet) the answer will be
sent through the server's interface connected to the client's subnet.

This does not play well with the anti-spoofing filters (or so our
network people tell us).

Is there any way to tell a Solaris box to always answer on the same
interface as it received the packet in the first place?

So if a TCP connection is opened on hme0 it should send the answer out
through hme0 regardless of the fact that hme1 is on the same subnet
as the machine that opened the connection to hme0?

cheers
tobi

-- 
 ______    __   _
/_  __/_  / /  (_) Oetiker @ ISG.EE, ETL F24.2, ETH, CH-8092 Zurich
 / // _ \/ _ \/ /  System Manager, Time Lord, Coder, Designer, Coach
/_/ \.__/_.__/_/   http://people.ee.ethz.ch/oetiker +41(0)44-632-5286
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers


This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:29:58 EDT
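
The situation described in the post, modelled as an added example that is not part of the original message: a non-routing multihomed host picks its egress interface by destination, so the reply carries the main interface's address out of the other leg and fails a per-subnet source check. The addresses are constructed (RFC 5737 documentation ranges), the default-route fallback and the filter model are assumptions; only the interface names hme0 and hme1 come from the post.

```python
import ipaddress

# Constructed addressing (RFC 5737 documentation ranges); only the interface
# names hme0/hme1 come from the post.
INTERFACES = {
    "hme0": ipaddress.ip_interface("192.0.2.10/24"),     # server's main address
    "hme1": ipaddress.ip_interface("198.51.100.10/24"),  # leg on the client's subnet
}

def egress_by_destination(dst):
    """Default host behaviour: pick the interface whose connected subnet holds dst."""
    dst = ipaddress.ip_address(dst)
    for name, iface in INTERFACES.items():
        if dst in iface.network:
            return name
    return "hme0"  # assumed: default route points out of the main interface

def egress_by_source(src):
    """Behaviour asked for in the post: leave on the interface that owns src."""
    src = ipaddress.ip_address(src)
    for name, iface in INTERFACES.items():
        if iface.ip == src:
            return name
    raise ValueError(f"{src} is not a local address")

def antispoof_permits(port, src):
    """Per-subnet filter (assumed model): accept only sources from the port's subnet."""
    return ipaddress.ip_address(src) in INTERFACES[port].network

def reply_fate(client, server_addr, policy):
    """Return (egress interface, permitted?) for the server's reply to client."""
    # The reply's source address is the address the client connected to.
    if policy == "destination":
        egress = egress_by_destination(client)
    else:
        egress = egress_by_source(server_addr)
    return egress, antispoof_permits(egress, server_addr)

if __name__ == "__main__":
    # Client on hme1's subnet connects to the main address on hme0.
    for policy in ("destination", "source"):
        egress, ok = reply_fate("198.51.100.50", "192.0.2.10", policy)
        print(f"{policy:11s} egress={egress} filter={'permit' if ok else 'DROP'}")
```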