Re: Question on having dual routers out of a site

From: Ken Rossman (rossman_at_columbia.edu)
Date: 02/03/04

    To: redhat-list@redhat.com
    Date: Tue, 3 Feb 2004 14:50:05 -0500
    
    

    On Tuesday, February 3, 2004, at 02:22 PM, Stuart Sears wrote:
    > On Tuesday 03 February 2004 17:42, Ken Rossman wrote:
    >> I assume it's possible for a site out on the Internet, trying to reach
    >> another site out on the internet (neither being on the local LAN) to
    >> manage to find a route THROUGH this local net.
    >
    > the external IPs are fixed, right?

    Yes they are/will be. I'm not sure I'd even want to try to bottleneck
    this kind of traffic if I were dealing with dynamic addressing...

    >> I want to prevent this. Would the best way to do this be to use
    >> iptables to disallow ALL packets between RTR1 and RTR2? Is there
    >> a better way to do this?
    >
    > you could use connection tracking - drop all packets that are not part
    > of an existing/related connection. (Be aware that this takes more memory
    > than normal iptables rules).

    Can you point me at reference material explaining connection tracking?
    That's a new term to me. And if it's just extra memory in the routers
    themselves, then I think we're still OK, as they are solely router /
    firewalls and they are quite reasonably configured (512MB or so).

    Thanks,
    KR
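
The connection-tracking approach suggested in the quoted reply, sketched as an added example that is not part of the original thread: a shell function that prints an `iptables-restore` ruleset for one of the two routers. The interface names and LAN prefix are assumptions supplied as arguments, and the INPUT/OUTPUT policies shown are placeholders for the router's own.

```shell
#!/bin/sh
# Added example (not from the thread). Emits a filter-table ruleset in
# iptables-restore format for ONE router; generate it once per router.
# Arguments (all assumptions, not values from the thread):
#   $1 = Internet-facing interface, $2 = LAN-facing interface, $3 = LAN prefix
transit_block_rules() {
    wan_if=$1; lan_if=$2; lan_net=$3
    cat <<EOF
*filter
# INPUT/OUTPUT policies are placeholders; keep the router's own here.
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Packets belonging to (or related to) a connection already tracked.
# On current kernels "-m conntrack --ctstate" is the equivalent match.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections only when a LAN host starts them and they leave via WAN.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m state --state NEW -j ACCEPT
# Everything else, including Internet-to-Internet transit arriving from
# the other router, is logged (rate-limited) and hits the DROP policy.
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "transit-drop: "
COMMIT
EOF
}
```

The output can be checked with `iptables-restore --test` before loading; loading it replaces the existing filter table.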

    
