routing problem - fork on gateways
David Nicol
davidnicol at gmail.com
Tue Sep 6 13:17:18 CDT 2005
On 9/5/05, Jack <quiet_celt at yahoo.com> wrote:
> read the RFCs, but IIRC once a connection is
> "established" it will bypass the router if that makes
> a shorter route. This is what you *want* to happen
> anyway, if your router is separate from the firewall.
> If the firewall is compromised though, all bets are
> off. Of course, it's easy to test my hypothesis by
> running ethereal on the router, firewall and client
> pc.
>
> Brian JD
What gets bypassed with established TCP connections
is the firewall rules, as an optimization for reducing CPU load
on firewall machines. That's TCP connections, not routes.
Routes must involve routers unless there is a direct connection
(or faking of a direct connection through VPN bridging or something
like that).