Re: Fw: Can a daemon listen only on some interfaces?

To: Plato <tom@redant.freeserve.co.uk>
Cc: debian-security@lists.debian.org
Subject: Re: Fw: Can a daemon listen only on some interfaces?
From: Tim Haynes <debian@stirfried.vegetable.org.uk>
Date: 10 Dec 2001 12:22:44 +0000
Message-id: <[🔎] 86d71ne02z.fsf@potato.vegetable.org.uk>
Reply-to: debian@stirfried.vegetable.org.uk
In-reply-to: <[🔎] 20011210120953.A1287@henry> (Plato's message of "Mon, 10 Dec 2001 12:09:53 +0000")
References: <[🔎] 001901c18024$8a7e5e40$0300000a@Oneil> <[🔎] E16CqPn-00087i-00@debian.dyndns.org> <[🔎] 20011209121208.A977@flea.home> <[🔎] E16D3mj-0005dr-00@debian.dyndns.org> <[🔎] 002501c180d9$37b2ae40$0300000a@Oneil> <[🔎] 86adwsjn6w.fsf@potato.vegetable.org.uk> <[🔎] E16D8xU-0007vy-00@debian.dyndns.org> <[🔎] 20011210120953.A1287@henry>

Plato <tom@redant.freeserve.co.uk> writes:

> > >         echo 1 > /proc/sys/net/ipv4/conf/*/rp_filter
> > > with    echo 1 > /proc/sys/net/ipv4/conf/*/log_martians
> > > for logging/fun purposes.
> > 
> > rp_filter will not help with that.
> 
> I thought that rp_filter was for precisely this. Doesn't it stop packets
> which appear on interfaces with invalid IP addresses for that interface
> from getting through?

It's a return-path filter; if flipping the src/dest IP#s wouldn't send it
back out the same interface, it doesn't come in at all. 

So a specially routed packet from a.b.c.d -> 127.0.0.1 coming in on eth0
becomes a             packet from 127.0.0.1 -> a.b.c.d going back out

That certainly looks wrong to me, although I'm not /sure/ it would produce
the required interface conflict for rp_filter.


~Tim
-- 
We're just souls across a                   |piglet@stirfried.vegetable.org.uk
           shrinking world                  |http://spodzone.org.uk/
In a distant starlit night                  |

Reply to:

Follow-Ups:
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: mdevin <mdevin@ozemail.com.au>

References:
- Fw: Can a daemon listen only on some interfaces?
  - From: "Phillip Hofmeister" <plhofmei@svsu.edu>
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: Guido Hennecke <g.hennecke@t-online.de>
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: mdevin@ozemail.com.au
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: Guido Hennecke <g.hennecke@t-online.de>
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: "Phillip Hofmeister" <plhofmei@svsu.edu>
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: Tim Haynes <debian@stirfried.vegetable.org.uk>
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: Guido Hennecke <g.hennecke@t-online.de>
- Re: Fw: Can a daemon listen only on some interfaces?
  - From: Plato <tom@redant.freeserve.co.uk>

Prev by Date: Re: Fw: Can a daemon listen only on some interfaces?
Next by Date: Re: Fw: Can a daemon listen only on some interfaces?
Previous by thread: Re: Fw: Can a daemon listen only on some interfaces?
Next by thread: Re: Fw: Can a daemon listen only on some interfaces?
Index(es):
- Date
- Thread