565998378421675878516ad54d49df3ba021d328
howto/networksettings.md
| ... | ... | @@ -1,12 +1,14 @@ |
| 1 | -The first rule of dn42: Always disable `rp_filter`. The second rule of dn42 |
|
| 2 | -is: Always disable `rp_filter`. The third rule of dn42 is: Allow ip forwarding! |
|
| 1 | +The first rule of dn42: Always disable `rp_filter`. |
|
| 2 | + |
|
| 3 | +The second rule of dn42: Always disable `rp_filter`. |
|
| 4 | + |
|
| 5 | +The third rule of dn42: Allow ip forwarding! |
|
| 6 | + |
|
| 3 | 7 | No serious, in case some packets are dropped check first if your settings are correct. |
| 4 | 8 | |
| 5 | -`rp_filter` also known as reverse path filtering is a security measure, |
|
| 6 | -which drops packages, where the reverse route to the source interface |
|
| 7 | -does not match the source address of the package. However this often happens in dn42, |
|
| 8 | -because routes can be asymmetric (packets can take different routes on the return path). |
|
| 9 | -That is why `rp_filter` needs to be disabled: |
|
| 9 | +`rp_filter` also known as reverse path filtering is a security measure. |
|
| 10 | +When the reverse route to the source interface does not match the source address of the package, the packet is dropped. However dn42 routes can be asymmetric. Which means, packets can take different routes on the return path. |
|
| 11 | +That is why `rp_filter` needs to be disabled. |
|
| 10 | 12 | |
| 11 | 13 | **Note** using sysctl is not persistent. Depending on your linux distribution put it into `/etc/sysctl.conf` or `/etc/sysctl.d` |
| 12 | 14 |