Network interfaces on non-routing systems use either the “weak host” or “strong host” models for packet transmission and reception (these models are defined in RFC1122). In the “strong host” model, a system that is not acting as a router cannot send or receive any packets on a given interface unless the destination/source IP in the packet is assigned to the interface. In the “weak host” model, this restriction does not apply.
In order for DSR to work, the “weak host” model must be enabled on the server’s loopback interface, as well as the interface on which requests are received from FortiADC.
Most Linux and Unix systems default to the “weak host” model on all network interfaces, so no additional configuration is usually necessary. For example, on FreeBSD and NetBSD, this behavior is controlled by the setting of sysctl net.inet.ip.check_interface, which by default is set to 0 (“weak host”).
Windows XP and Windows 2003 use the “weak host” model on all IPv4 interfaces and the “strong host” model on all IPv6 interfaces, and this is not configurable.
Windows Vista and Windows 2008 support “strong host” by default on all interfaces, but this is configurable for individual interfaces. Use the following command to list interface status:
|
netsh interface [ ipv4 | ipv6 ] show interface |
The following three command are an example of changing the mode to “weak host” for the LAN and loopback interfaces:
|
netsh interface ipv4 set interface "Local Area Connection" weakhostreceive=enabled netsh interface ipv4 set interface "Loopback" weakhostreceive=enabled netsh interface ipv4 set interface "Loopback" weakhostsend=enabled |
The interface names used in quotes above must match the interface names that appear in the Windows Network Connections folder.