On 05/13/2011 11:13 AM, Mr Dash Four wrote: > >> Assumeing that class 12 is the correct one, yes. >> >> Just keep in mind that the source IP for eth1:12 will be 10.1.1.12 >> where as on ifb1:12, the destination IP will be 10.1.2.7 (the two are >> not symmetric). >> > Thanks! Good point about the asymmetric nature of the flow too - I am > not using DNAT, so it makes perfect sense the destination address to be > the one of the eth1 interface.
tcfilters always work with packets as they appear "on the wire". So the packets seen on ifb1 would be the same with or without DNAT. tcrules always work with packets before SNAT is applied. Hence, the asymmetry. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
