Re: Question on having dual routers out of a site
From: Ken Rossman (rossman_at_columbia.edu)
To: firstname.lastname@example.org Date: Tue, 3 Feb 2004 14:50:05 -0500
On Tuesday, February 3, 2004, at 02:22 PM, Stuart Sears wrote:
> On Tuesday 03 February 2004 17:42, Ken Rossman wrote:
>> I assume it's possible for a site out on the Internet, trying to reach
>> another site out on the internet (neither being on the local LAN) to
>> manage to find a route THROUGH this local net.
> the external IPs are fixed, right?
Yes they are/will be. I'm not sure I'd even want to try to bottleneck
this kind of traffic if I were dealing with dynamic addressing...
>> I want to prevent this. Would the best way to do this be to use
>> iptables to disallow ALL packets between RTR1 and RTR2? Is there
>> a better way to do this?
> you could use connection tracking - drop all packets that are not part
> an existing/related connection. (Be aware that this takes more memory
> normal iptables rules).
Can you point me at reference material explaining connection tracking?
That's a new term to me. And if it's just extra memory in the routers
themselves, then I think we're still OK, as they are solely router /
firewalls and they are quite reasonably configured (512MB or so).
-- redhat-list mailing list unsubscribe mailto:email@example.com?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list