From owner-freebsd-net@FreeBSD.ORG Sat May 8 17:05:03 2010
Date: Sat, 8 May 2010 10:05:02 -0700 (PDT)
Message-Id: <201005081705.o48H52x3045574@freefall.freebsd.org>
To: kes-kes@yandex.ru, julian@FreeBSD.org, freebsd-net@FreeBSD.org
From: julian@FreeBSD.org
Subject: Re: kern/146394: [vlan] IP source address for outgoing connections
List-Id: Networking and TCP/IP with FreeBSD

Synopsis: [vlan] IP source address for outgoing connections

State-Changed-From-To: open->feedback
State-Changed-By: julian
State-Changed-When: Sat May 8 09:47:30 PDT 2010
State-Changed-Why:
The behaviour you quote as a bug is expected and useful and I don't think it is a bug. Any non-bound socket will 'bind' itself to the address of the interface through which the outgoing packet will leave. If you do not do this there is no guarantee that the client will be able to get to the responding address as it may be on a different network. Anyhow there are ways to do what you want.
Firstly: what you are talking about will ONLY happen if you do not bind the socket to an address, so looking in the config file and binding it will fix it. Most programs have an option to do this. I had to do this yesterday with named (though I didn't find such an option in ntpd). You need to look at what is going on using sockstat and netstat -aAn. Any socket that has a local address of "*" will have this behaviour.

If you can't do this then you can use the jail command to force a program that does not support binding to be bound. Put it in a jail that has the same root as the rest of the system but has a forced IP address that you want.

Let me know if this solved your problem and we can close the bug.

http://www.freebsd.org/cgi/query-pr.cgi?pr=146394
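
The behaviour described in the message above, as an added example that is not part of the original message or of FreeBSD: it compares the local address of an unbound socket (the "*" entry in sockstat) with that of a socket bound before connecting. The destination, the candidate addresses and the function names are assumptions made for the illustration; UDP connect() is used because it performs the source address selection without sending any packet.

```python
import socket

# Constructed destination for the demonstration (loopback, discard port).
DEST = ("127.0.0.1", 9)


def source_before_after(dest, bind_ip=None):
    """Return the socket's local IP before and after connect().

    With bind_ip=None the socket is left unbound, so the kernel picks the
    source address from the interface the route to dest points at.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        if bind_ip is not None:
            s.bind((bind_ip, 0))        # explicit bind: source address is fixed
        before = s.getsockname()[0]     # "0.0.0.0" is what sockstat shows as "*"
        s.connect(dest)                 # route lookup happens here
        after = s.getsockname()[0]
        return before, after
    finally:
        s.close()


def usable_local_ip(candidates=("127.0.0.2", "127.0.0.1")):
    """Return the first candidate address that can be bound on this host.

    127.0.0.2 is only bindable where it is configured (Linux treats all of
    127/8 as local; FreeBSD needs an alias), hence the fallback.
    """
    for ip in candidates:
        probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            probe.bind((ip, 0))
            return ip
        except OSError:
            continue
        finally:
            probe.close()
    raise OSError("no candidate address is configured locally")


if __name__ == "__main__":
    print("unbound:", source_before_after(DEST))
    ip = usable_local_ip()
    print("bound to", ip, ":", source_before_after(DEST, ip))
```
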