From: "Eugene Mogutov"
To: freebsd-net@freebsd.org
Subject: Broadcast address and multihomed host
Date: Tue, 15 Aug 2000 08:03:38 +0400

Hi,

Recently a friend of mine noticed that his FreeBSD router treats broadcast addresses of local subnets as local (i.e. as if they were addresses of router interfaces).

A brief example: a multihomed host has a pair of interfaces; their addresses are aa.aa.aa.1/24 and bb.bb.bb.1/24, where /24 stands for the netmask corresponding to Class C. It is possible to establish a TCP connection to our host using destination address bb.bb.bb.255 (the broadcast address for the local subnet connected to interface bb.bb.bb.1); it is required, however, that those TCP packets pass via interface aa.aa.aa.1. The same goes for connecting to aa.aa.aa.255 from the host reachable via interface bb.bb.bb.1.

Only the 'all ones' broadcast address does the trick; 'all zeroes' doesn't. If I'm not mistaken, at least 2.2.6, 3.3 and 3.4 behave so.

It seems that packet filter rulesets (e.g. those of ipfw) using specific addresses of a multihomed host's interfaces to restrict access to services running on that host can be easily overridden by using broadcast addresses.

Is it a feature of the BSD stack (I haven't seen it on either Linux 2.2.x or 2.0.x)? If it is, is there a way to disable it?

Thanks,
eugene
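
The ruleset gap described in the message above can be checked for mechanically. The following is an added example, not part of the original post and not FreeBSD or ipfw code: it models a first-match, destination-based filter in a simplified form and reports directed broadcast addresses that get a different verdict than the interface address. The interface names, the 192.0.2.0/24 and 198.51.100.0/24 prefixes, the sample rules and the deny-all-broadcast hardening step are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for the
# aa.aa.aa.1/24 and bb.bb.bb.1/24 interfaces in the message.
INTERFACES = {"if_a": "192.0.2.1/24", "if_b": "198.51.100.1/24"}

# Simplified first-match model of a destination-based filter (not real
# ipfw syntax): (action, destination network, TCP port or None for any).
RULES = [
    ("deny", "192.0.2.1/32", 22),
    ("deny", "198.51.100.1/32", 22),
    ("allow", "0.0.0.0/0", None),
]

def decide(rules, dst, port):
    """Return the action of the first rule matching dst/port; default deny."""
    addr = ipaddress.ip_address(dst)
    for action, net, rule_port in rules:
        if addr in ipaddress.ip_network(net) and rule_port in (None, port):
            return action
    return "deny"

def broadcast_gaps(interfaces, rules, port):
    """List directed-broadcast destinations whose verdict differs from the
    verdict for the interface address on the same subnet."""
    gaps = []
    for name, cidr in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        if iface.network.prefixlen >= 31:  # /31 and /32 have no broadcast
            continue
        bcast = str(iface.network.broadcast_address)  # 'all ones' host part
        own = decide(rules, str(iface.ip), port)
        via_bcast = decide(rules, bcast, port)
        if own != via_bcast:
            gaps.append((name, bcast, own, via_bcast))
    return gaps

def harden(interfaces, rules):
    """Assumed mitigation: prepend a deny for each directed broadcast address."""
    extra = []
    for cidr in interfaces.values():
        net = ipaddress.ip_interface(cidr).network
        if net.prefixlen < 31:
            extra.append(("deny", f"{net.broadcast_address}/32", None))
    return extra + rules

if __name__ == "__main__":
    for gap in broadcast_gaps(INTERFACES, RULES, 22):
        print("not covered:", gap)
    hardened = harden(INTERFACES, RULES)
    print("after hardening:", broadcast_gaps(INTERFACES, hardened, 22))
```

Denying all traffic to the directed broadcast addresses also blocks any service that legitimately relies on subnet broadcasts, so a real ruleset may need narrower rules than this model uses.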