Alexander Steinert wrote:
> OK, let's assume we have
> an IP subnet N,
> a host H in N,
> a host G in N and
> a host A outside of N.
> Packets from H to A go via G, since H is configured as gateway on H.
> How safe is it to assume that all packets from A to H (the other way
> round) go via G?

Hmm... Not really safe at all since the specs say that the routes do not need to be symmetrical. Since they are not required to be, you can almost certainly assume that at times they will not be symmetrical. Therefore an assumption like that will certainly break something at some time in the future.

Could you give us a hint? What are you planning? Usually I find that specific questions like this are often the result of other more general questions and the latter are the more interesting ones.

> I'm looking for real world examples where a packet enters an IP subnet on
> one way (interface) and an answering packet leaves N on another way
> (different interface).

Larger corporate environments come to mind. If you have a large geographically separated network with multiple external POP routers then it is possible that packets will leave the network by one route but be returned by a different route. Not typical in a SOHO but I could certainly construct one that way.

> Only load-balancing or dedicated firewalls come to my mind. Is such
> an environment found often? Are there other examples?

What other types of firewalls are there if not dedicated?

Bob