From: Chuck Swiger (cswiger@mac.com)
Organization: The Courts of Chaos
Date: Sat, 25 Feb 2006 08:47:00 -0500
To: Edwin Groothuis
Cc: freebsd-net@freebsd.org
Subject: Re: socket / bind - specific address
Message-ID: <44005FD4.2010100@mac.com>
In-Reply-To: <20060225070722.GA92618@k7.mavetju>
List-Id: Networking and TCP/IP with FreeBSD

Edwin Groothuis wrote:
> The situation is as follows:
>
> We have a couple of FreeBSD routers, with RFC1918 addresses on the
> ethernets and a public address on the loopback. This works fine for
> connecting to the routers, but is problematic for locally originated
> outgoing traffic (think NTP, think syslog): it takes the IP address
> of the outgoing interface, which is the RFC1918 address.

You're giving lo0 a public IP? Why?

If you want to reach the box via a public IP and are using 1-to-1 NAT translation to deliver the traffic to one of your NICs using unroutable RFC-1918 addresses, why not configure that NIC to also have the public IP, too?

> Is there a way (sysctl, kernel option) to define which IP address
> is used for locally originated outgoing traffic?

The IP used for locally originated traffic should be governed by the address specified in the bind() call; if you want that to be different, normally you configure the associated software being run to use something else.

I don't know how to override the default the kernel hands you if you leave the decision up to it, short of crafting the packets yourself or using some external capability like NAT to re-write the addresses being used.

-- 
-Chuck
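The point Chuck makes about bind() is easy to see in code. The following is an added example, not code from either poster: a UDP client (the syslog/NTP case from the question) that bind()s to a chosen local address before connect(), then asks the kernel via getsockname() which source address it will actually stamp on the packets. It uses 127.0.0.1 as a constructed stand-in for the public address on lo0, and 203.0.113.1 (documentation range) as an address the host does not own, so the bind() failure path is exercised too; the function names are my own.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a UDP socket whose source address is pinned by bind()ing it to
 * local_ip before connect(). Without the bind() the kernel picks the
 * outgoing interface's address, which on the routers described in the
 * thread would be the RFC 1918 one. Returns the fd, or -1 on failure. */
int open_udp_from(const char *local_ip, const char *dest_ip, unsigned short dest_port)
{
    struct sockaddr_in src, dst;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;

    memset(&src, 0, sizeof src);
    src.sin_family = AF_INET;
    src.sin_port = 0;               /* let the kernel choose the port */
    if (inet_pton(AF_INET, local_ip, &src.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&src, sizeof src) < 0) {
        close(fd);                  /* e.g. EADDRNOTAVAIL: host lacks that IP */
        return -1;
    }

    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_port = htons(dest_port);
    if (inet_pton(AF_INET, dest_ip, &dst.sin_addr) != 1 ||
        connect(fd, (struct sockaddr *)&dst, sizeof dst) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Ask the kernel which source address it will use for fd's packets.
 * Returns 0 on success and writes the dotted-quad into buf. */
int source_address_of(int fd, char *buf, size_t len)
{
    struct sockaddr_in sa;
    socklen_t sl = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &sl) < 0)
        return -1;
    return inet_ntop(AF_INET, &sa.sin_addr, buf, len) ? 0 : -1;
}

/* Returns 1 if a socket pinned to local_ip really reports local_ip as
 * its source, 0 if the kernel reports something else, -1 on error. */
int pinned_source_matches(const char *local_ip, const char *dest_ip, unsigned short dest_port)
{
    char buf[INET_ADDRSTRLEN];
    int fd = open_udp_from(local_ip, dest_ip, dest_port);
    int rc;
    if (fd < 0)
        return -1;
    rc = source_address_of(fd, buf, sizeof buf);
    close(fd);
    if (rc < 0)
        return -1;
    return strcmp(buf, local_ip) == 0;
}

int main(void)
{
    /* Constructed example: loopback stands in for the public lo0 address. */
    int ok = pinned_source_matches("127.0.0.1", "127.0.0.1", 514);
    printf("pinned source honoured: %s\n", ok == 1 ? "yes" : "no");

    /* Binding to an address the host does not own is refused by bind(). */
    printf("bind to 203.0.113.1: %s\n",
           open_udp_from("203.0.113.1", "127.0.0.1", 514) < 0 ? "refused" : "accepted");
    return 0;
}
```

The practical consequence for the routers in the question: a daemon only sends from the lo0 public address if it bind()s to it (most syslog and NTP daemons expose a config option for exactly this); a daemon that leaves the socket unbound gets the outgoing interface's RFC 1918 address, as Edwin observed.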