routing problem - fork on gateways

Jeremy Fowler JFowler at westrope.com
Tue Sep 6 13:29:15 CDT 2005


> what gets bypassed with established TCP connections
> is the firewall rules, as an optimization for reducing CPU load
> on firewall machines.  That's TCP connections, not routes.
> Routes must involve routers unless there is direct connection,
> (or faking of direct connection through VPN bridging or something
> like that)

Nope, you can always source route a packet.  Unless a host along the path filters them. However, in this case there is nothing to stop an application from source routing directly to the firewall and bypassing the router. However, the application would have to specifically do this as it is not done automatically.

