E.S. wrote:
> Thanks for your answer.
>
>> There are at least two different answers to this. If you subscribe to
>> the "Strong ES" model of the Universe (not the default; you have to set
>> the ip_strict_dst_multihoming ndd variable to break your system in that
>> way), then it must match the input interface's local address. If it
>> doesn't, then the packet is dropped. For the "Weak ES" model (the
>> default for Solaris and most other systems and generally required for
>> external routing to work), the address just has to match one of the
>> local addresses configured on any interface on the system.
>
> Ok. Solaris by default routed between interfaces of its own. You're right:
>
> # ndd -get /dev/ip ip_strict_dst_multihoming
> 0
>
> But is it really "the default for most other systems" to forward between
> interfaces with different networks??

There's no routing or forwarding going on in this instance. It's
_merely_ a matter of determining which packets are "for self" and which
ones are not.

And, yes, Weak ES really is the default for just about everything.
Strong ES destroys standard IP routing pretty effectively -- even if (or
especially if) the system trying to use Strong ES isn't the one that's
actually involved in routing. It breaks routing for everybody else.

What you're referring to as "routing" occurs only when a packet is
determined to be "not for this node." When that happens, the system has
to determine whether it will forward it somewhere else (and if so,
where) or it will just drop it. That determination, though, is after the
check to see whether it's local.

>> [The assumption I'm making here, and that I can't prove, is that
>> 192.168.0.2 on your network is the address of a router that knows how to
>> forward packets to 10.10.10.3.]
>
> Yes and no, I try to make the Solaris box to be a router/forwarder. It had
> worked but no more. But it is another story :) Now I try to understand how
> Solaris networking is done and I found that funny routing "problem".
> An example: FreeBSD's forwarding between interfaces is off by default. I
> think it is in Windows too.

It is off by default with OpenSolaris as well. We're just not talking
about forwarding in the problem you're looking at. ;-}

One other bit that may surprise you: IP transmission depends *ONLY* on
the destination address. Thus, when the system receives a packet sent to
10.10.10.3 with source 192.168.5.1 (or whatever) over interface X, that
event has *NO EFFECT* on what interface the system might use to send any
future reply packet. It won't just send packets back out interface X
merely because that's where the original request came. In fact, the IP
stack itself doesn't even know that a packet is a "reply" to some
previous one. It just sees packets.

Instead, it will look up the destination for the packet, and use the
best matching kernel route. Always. It has nothing to do with "routing."
And it has nothing to do with the source address. The system is
perfectly happy using the source address assigned to interface X on
packets sent out interface Y. That's just how IP works.

This is another important consideration in what I think you're trying to
build. If you want to disallow particular sorts of transmission or
reception, then what I think you really want are packet filters.

--
James Carlson 42.703N 71.076W <carls...@workingcode.com>
_______________________________________________
networking-discuss mailing list
networking-discuss@opensolaris.org
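
An added illustration, not part of the original message and not Solaris code: a small Python model of the "for self" check under the Weak and Strong ES models, followed by the destination-only route lookup used for any later reply. The interface names, addresses and route table are constructed for the example, and the `strict_dst_multihoming` parameter only mirrors the name of the ndd variable quoted in the thread.

```python
import ipaddress

# Constructed sample host (assumption): two interfaces, X and Y.
INTERFACES = {
    "X": ipaddress.ip_interface("192.168.0.1/24"),
    "Y": ipaddress.ip_interface("10.10.10.3/24"),
}
# Constructed kernel route table (assumption): (prefix, outgoing interface).
ROUTES = [
    (ipaddress.ip_network("192.168.0.0/24"), "X"),
    (ipaddress.ip_network("10.10.10.0/24"), "Y"),
    (ipaddress.ip_network("0.0.0.0/0"), "Y"),  # default route
]


def classify(dst, in_if, strict_dst_multihoming=False, forwarding=False):
    """Return 'local', 'forward' or 'drop' for a packet received on in_if."""
    dst = ipaddress.ip_address(dst)
    owners = [name for name, ifc in INTERFACES.items() if ifc.ip == dst]
    if owners:
        # Strong ES: a local address is accepted only on its own interface.
        if strict_dst_multihoming and in_if not in owners:
            return "drop"
        # Weak ES: a match on any interface means the packet is for self.
        return "local"
    # Only packets that are "not for this node" reach the forwarding decision.
    return "forward" if forwarding else "drop"


def egress(dst):
    """Pick the outgoing interface from the destination alone (longest prefix)."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, name) for net, name in ROUTES if dst in net]
    _, name = max(matches, key=lambda m: m[0].prefixlen)
    return name


if __name__ == "__main__":
    # Packet to 10.10.10.3 from 192.168.5.1 arriving on X, as in the message.
    print("weak ES  :", classify("10.10.10.3", "X"))
    print("strong ES:", classify("10.10.10.3", "X", strict_dst_multihoming=True))
    # The reply is routed by its destination, not by where the request came in.
    print("reply to 192.168.5.1 leaves via", egress("192.168.5.1"))
```
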