From owner-freebsd-questions@FreeBSD.ORG Tue Feb 17 06:05:00 2004
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 46B2916A4CE
	for ; Tue, 17 Feb 2004 06:05:00 -0800 (PST)
Received: from smtp.mailbox.co.uk (smtp.mailbox.co.uk [195.82.125.32])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1E99643D1F
	for ; Tue, 17 Feb 2004 06:05:00 -0800 (PST)
	(envelope-from waynep@smtp.penguinpowered.org)
Received: from [212.18.250.170] (helo=smtp.penguinpowered.org)
	by smtp.mailbox.co.uk with esmtp (Exim 3.36 #1)
	id 1At5qN-000352-00
	for freebsd-questions@freebsd.org; Tue, 17 Feb 2004 14:04:59 +0000
Received: from waynep by smtp.penguinpowered.org with local (Exim 4.30; FreeBSD)
	id 1At5r0-000K5i-Eb
	for freebsd-questions@freebsd.org; Tue, 17 Feb 2004 14:05:38 +0000
Date: Tue, 17 Feb 2004 14:05:38 +0000
From: Wayne Pascoe
To: freebsd-questions@freebsd.org
Message-ID: <20040217140538.GC76770@marvin.penguinpowered.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
X-System: FreeBSD i386 with kernel 5.1-RELEASE-p10
Sender: Wayne Pascoe
Subject: Source IP confusion
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Tue, 17 Feb 2004 14:05:00 -0000

Hi all,

I'm trying to set up firewalling for some machines, but I'm having some
problems with services on aliases. I'll use 192.168.1.2 as the primary
address and 192.168.1.3 as the alias for this example.

I have applications like exim and bind, listening on 192.168.1.3 (an
alias on a machine). They are only listening on the alias and on
127.0.0.1. They are NOT listening on 192.168.1.2 (the main IP Address).

The problem I'm having is forcing that application to use its alias for
outbound connections. Even though the local_interfaces in exim is set to
192.168.1.3, when it connects to a machine to deliver mail, that
connection comes from 192.168.1.2. This makes firewalling a bit of a
pain, because I can't say 'Only allow port 25 traffic from the mail
alias' - I have to allow it from the machine's primary IP.

Can anyone explain why this is and also if there is a way (without
reverting to jails) of getting my applications to use an outgoing
connection?

Regards,

-- 
Wayne Pascoe
Bury me deep when there's no will to be.... better than you!
  - Metallica
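
Added example, not part of the original message: a small Python demonstration of the behaviour described above. A listening socket on the alias has no effect on a separate outbound socket, whose source address the kernel chooses unless the program calls bind() before connect(). The loopback addresses are constructed stand-ins for 192.168.1.2 and 192.168.1.3, and the function name is hypothetical; 127.0.0.2 is assumed to be a local address (the default on Linux; on FreeBSD it must first be added as an alias on lo0).

```python
import socket

# Constructed stand-ins so the demo runs on one host (assumption, see lead-in).
PRIMARY = "127.0.0.1"   # plays the role of 192.168.1.2
ALIAS = "127.0.0.2"     # plays the role of 192.168.1.3


def source_seen_by_peer(bind_to=None):
    """Make one outbound TCP connection and return the source IP the
    receiving side sees. bind_to=None leaves the choice to the kernel."""
    # The "daemon" socket: listening only on the alias, like the
    # local_interfaces setting in the message. It is never used for
    # outbound traffic; it is here to show it does not influence it.
    daemon = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    daemon.bind((ALIAS, 0))
    daemon.listen(1)

    # The "remote" host that receives the delivery attempt.
    remote = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    remote.bind((PRIMARY, 0))
    remote.listen(1)

    # The outbound socket is a new, independent socket.
    out = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if bind_to is not None:
            # Port 0 pins only the source address; the kernel still
            # picks an ephemeral source port.
            out.bind((bind_to, 0))
        out.connect(remote.getsockname())
        conn, peer = remote.accept()
        conn.close()
        return peer[0]
    finally:
        out.close()
        remote.close()
        daemon.close()


if __name__ == "__main__":
    print("no bind before connect :", source_seen_by_peer())
    print("bind to alias first    :", source_seen_by_peer(bind_to=ALIAS))
```

Daemons expose the bind-before-connect step as configuration rather than code: Exim's smtp transport has an `interface` option and BIND has `query-source`. A firewall rule keyed on the alias is only reliable once the outbound side is pinned this way.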