Date: Tue, 17 Feb 2004 14:05:38 +0000
From: Wayne Pascoe <freebsd-feb@penguinpowered.org>
To: freebsd-questions@freebsd.org
Subject: Source IP confusion
Message-ID: <20040217140538.GC76770@marvin.penguinpowered.org>

Hi all,

I'm trying to set up firewalling for some machines, but I'm having some problems with services on aliases. I'll use 192.168.1.2 as the primary address and 192.168.1.3 as the alias for this example.

I have applications like exim and bind, listening on 192.168.1.3 (an alias on a machine). They are only listening on the alias and on 127.0.0.1. They are NOT listening on 192.168.1.2 (the main IP Address).

The problem I'm having is forcing that application to use its alias for outbound connections. Even though the local_interfaces in exim is set to 192.168.1.3, when it connects to a machine to deliver mail, that connection comes from 192.168.1.2.

This makes firewalling a bit of a pain, because I can't say 'Only allow port 25 traffic from the mail alias' - I have to allow it from the machine primary IP.

Can anyone explain why this is and also if there is a way (without reverting to jails) of getting my applications to use an outgoing connection?

Regards,

-- 
Wayne Pascoe
Bury me deep when there's no will to be.... better than you! - Metallica

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040217140538.GC76770>
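
Added example, not part of the original message: a sketch of the socket behaviour behind the question. The address a daemon listens on applies only to its inbound sockets; an outbound socket that is not explicitly bound gets its source address from the kernel's route lookup, and binding it before connect() pins the source. Assumptions: the loopback addresses are constructed stand-ins for the addresses in the post, and 127.0.0.2 must be a local address (it is by default on Linux; on FreeBSD it would first have to be added as an alias on lo0).

```python
import errno
import socket

PEER = "127.0.0.1"   # constructed stand-in for the remote mail server
ALIAS = "127.0.0.2"  # constructed stand-in for the alias (192.168.1.3 in the post)


def source_seen_by_peer(source_ip=None):
    """Open a TCP connection to a local listener; return the source IP it sees.

    Returns None when source_ip is not configured on this host.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as peer:
        peer.bind((PEER, 0))
        peer.listen(1)
        # Port 0 pins only the address; the kernel still picks the source port.
        src = (source_ip, 0) if source_ip else None
        try:
            cli = socket.create_connection(peer.getsockname(), timeout=5,
                                           source_address=src)
        except OSError as exc:
            if exc.errno == errno.EADDRNOTAVAIL:
                return None
            raise
        with cli:
            conn, addr = peer.accept()
            conn.close()
            return addr[0]


def listening_on_alias_changes_source():
    """Mimic the post: a daemon listens only on the alias, then dials out."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as daemon:
        try:
            daemon.bind((ALIAS, 0))
        except OSError:
            return None  # alias not configured here
        daemon.listen(1)
        # The outbound socket is separate and unbound: the kernel picks its source.
        return source_seen_by_peer() == ALIAS


if __name__ == "__main__":
    print("unbound source:        ", source_seen_by_peer())
    print("bound to alias:        ", source_seen_by_peer(ALIAS))
    print("listen changes source: ", listening_on_alias_changes_source())
```

A firewall rule keyed on the alias only matches outbound traffic from sockets that were bound this way; everything else leaves with the kernel-selected address.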