On Wed, Dec 06, 2000 at 10:54:27PM +1100, chesty wrote:
> On Wed, Dec 06, 2000 at 09:32:46PM +1100, chesty wrote:
>  
> Hi chesty,
>  
> > You can't control what interface you receive packets from.
> 
> Well, you can.
> 
> > Actually it works fine, and that's how satellite links work.
> > They receive packets on the satellite interface and send
> > them on the land line interface. It works fine.
> 
> It sends the packets out the land line's interface, but instead
> of using the land line's interface for the source address, it uses 
> the satellite's interface. So packets are sent via the land line and 
> received via the satellite link.

        Assuming we're talking a home user this is only going to work if
you're with a satellite provider, e.g. Access One. You can't for example
dial into say Telstra and Optus and send packets out the Telstra
interface with the Optus IP address and expect it to come back down the
Optus interface.

        Most sane ISPs implement ingress and egress filtering, which means
evil packets like those above will get dropped. It's a shame really
because you could do really nifty things, but understandable. 

        It's just like the first thing you do when you set up a
firewall: you don't accept packets coming from ppp0 with source
addresses of your local eth0 network, since they must be spoofed and
shouldn't be coming from there. It's called reverse path filtering.

PS: There's now an easy way to do this with the 2.2 kernel, the kernel can do
it for you. Just echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

-- 
John Ferlito
Senior Engineer - Bulletproof Networks
ph: +61 (0) 410 519 382
http://www.bulletproof.net.au/


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
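
Added example, not part of the original message: a small audit of the rp_filter setting mentioned in the PS, reporting which interfaces would still accept packets without a reverse-path check. It assumes the behaviour of current kernels, where each interface is validated with the higher of conf/all/rp_filter and its own rp_filter (0 = off, 1 = strict, 2 = loose); the function names and the sat0 interface are hypothetical.

```shell
#!/bin/sh
# Audit reverse-path filtering per interface (added example).
# Assumption: current kernels validate each interface with the higher of
# conf/all/rp_filter and conf/<iface>/rp_filter (0=off, 1=strict, 2=loose).

# effective_rp_filter CONF_DIR IFACE: print the value the kernel applies.
effective_rp_filter() {
    all=$(cat "$1/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$1/$2/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# audit_rp_filter [CONF_DIR]: print "<iface> <mode>" per interface and
# return 1 if any interface would accept packets without a source check.
audit_rp_filter() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    unfiltered=0
    for d in "$conf_dir"/*/; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        case $iface in all|default) continue ;; esac
        case $(effective_rp_filter "$conf_dir" "$iface") in
            1) mode=strict ;;
            2) mode=loose ;;
            *) mode=off; unfiltered=1 ;;
        esac
        echo "$iface $mode"
    done
    return "$unfiltered"
}

# make_sample_tree: build a constructed sysctl tree (not real system data)
# so the audit can be tried offline; sat0 is a hypothetical interface name.
make_sample_tree() {
    t=$(mktemp -d)
    for i in all default eth0 ppp0 sat0; do mkdir -p "$t/$i"; done
    echo 0 > "$t/all/rp_filter"
    echo 0 > "$t/default/rp_filter"
    echo 1 > "$t/eth0/rp_filter"
    echo 1 > "$t/ppp0/rp_filter"
    echo 0 > "$t/sat0/rp_filter"
    echo "$t"
}
```

Calling audit_rp_filter with no argument reads the live /proc/sys/net/ipv4/conf tree; a non-zero exit status means at least one interface has no source validation.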
