I'm facing a situation that I would like to understand. Here is the situation, which can be reproduced:
On CentOS 7. Configuration of two interfaces, eth1 and eth2, with IP addresses X and Y.
-----------------> @X CENTOS @Y -----------------> @Z -------
dst_IP = A dst_IP = A
src_IP = B dst_IP = B
Add a route as follows:
Destination Gateway GenMask
A Z 255.255.255.255
sysctl net.ipv4.ip_forward=1
sysctl net.ipv4.conf.eth1.rp_filter=2
sysctl net.ipv4.conf.eth2.rp_filter=2
In this situation, if I route a packet (@dest=A) to CentOS, the packet is routed to Z. -> Why does firewalld not block it, as there is no rule to accept it?
If I disable masquerade, the packet is not routed anymore. -> Why?
With masquerade activated, if I change the target from default to DROP, the packet is not routed anymore. -> So the "default" target is not strictly identical to the "DROP" target. What exactly are the differences? I couldn't find any clear information.