From owner-freebsd-hackers Thu Jul 26 15:24:55 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from mail.wolves.k12.mo.us (mail.wolves.k12.mo.us [207.160.214.1]) by hub.freebsd.org (Postfix) with ESMTP id 0E8BF37B406 for ; Thu, 26 Jul 2001 15:24:50 -0700 (PDT) (envelope-from cdillon@wolves.k12.mo.us)
Received: from mail.wolves.k12.mo.us (cdillon@mail.wolves.k12.mo.us [207.160.214.1]) by mail.wolves.k12.mo.us (8.9.3/8.9.3) with ESMTP id RAA22163; Thu, 26 Jul 2001 17:24:44 -0500 (CDT) (envelope-from cdillon@wolves.k12.mo.us)
Date: Thu, 26 Jul 2001 17:24:43 -0500 (CDT)
From: Chris Dillon
To: Matt Dillon
Cc: Steven Ames , "Jonathan M. Slivko" ,
Subject: Re: Why two cards on the same segment...
In-Reply-To: <200107262136.f6QLaCX62360@earth.backplane.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Thu, 26 Jul 2001, Matt Dillon wrote:

> I wish it were that easy. If you have two interfaces on the same LAN
> segment, but one is configured with an internal IP and one is
> configured with an external IP, and the default route points out the
> interface configured with the external IP, then you are ok.
>
> If you have one interface with *two* ip addresses. For example (taking
> a real life example):
>
> ash:/home/dillon> ifconfig
> fxp0: flags=8843 mtu 1500
>         inet 208.161.114.66 netmask 0xffffffc0 broadcast 208.161.114.127
>         inet 10.0.0.3 netmask 0xffffff00 broadcast 10.0.0.255
>         ether 00:b0:d0:49:3b:fd
>         media: Ethernet autoselect (100baseTX )
>         status: active
>
> Then the 'source IP' address the machine uses is completely up in the
> air. It could be the external IP, or the internal IP, and it could
> change out from under you if you manipulate the interface with ifconfig.
> You have to explicitly bind to the correct source IP if you care.
>
> For our machines I bind our external services specifically to the
> external IP. Beyond that I usually don't care because I NAT-out our
> internal IP space anyway, so any packets sent 'from' an internal IP
> to the internet wind up going through the NAT, which hides the fact
> that the source machine chose the wrong IP.

Hmm.. That hasn't been my experience at all. I have _always_ seen outgoing connections use a source address of the closest interface address that exists on the same IP network as the destination, OR, if it is a non-local destination, then the source is whatever IP address is on the same IP network as the next-hop gateway. If your next-hop gateway is an RFC1918 address, then your source address will be your RFC1918 address on the same subnet, unless you specify otherwise of course.

Maybe if you set net.inet.ip.subnets_are_local to 1, then maybe the system will use the primary non-alias address of the closest physical interface, be it a public address or whatever, but I've not tried that.

-- 
Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net
FreeBSD: The fastest and most stable server OS on the planet
- Available for IA32 (Intel x86) and Alpha architectures
- IA64 (Itanium), PowerPC, and ARM architectures under development
- http://www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
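The two points argued in this thread, that the kernel picks an outgoing source address for you according to its routing decision, and that an application which cares must bind() to the source it wants before connect(), can be observed directly from user space. The following is an added example written for this archive page, not code from either poster or from FreeBSD; it uses only the standard socket API and the loopback interface so it runs offline. The UDP "connect without sending" trick asks the kernel which source it would choose for a given destination (a connected UDP socket transmits nothing until you send). The second loopback address 127.0.0.2 is an assumption that holds on Linux, where all of 127/8 is on lo; on other systems it is skipped.

```python
import socket
import threading


def default_source_for(dest_ip, dest_port=9):
    """Return the source address the kernel would pick for traffic to dest_ip.

    connect() on a UDP socket only records the route and chosen source
    address; no packet leaves the host, so this is a safe offline query.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest_ip, dest_port))
        return s.getsockname()[0]


def peer_seen_source(bind_to=None):
    """Open a loopback TCP connection and return the source address the
    listener observed.  With bind_to=None the kernel chooses the source;
    otherwise the client binds to bind_to first, which is the explicit
    binding the thread recommends for services that care."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("127.0.0.1", 0))          # port 0: let the kernel pick one
        srv.listen(1)
        port = srv.getsockname()[1]
        seen = {}

        def accept_one():
            conn, peer = srv.accept()
            seen["peer"] = peer[0]           # address the server side sees
            conn.close()

        t = threading.Thread(target=accept_one)
        t.start()
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as c:
            if bind_to is not None:
                c.bind((bind_to, 0))        # explicit source, ephemeral port
            c.connect(("127.0.0.1", port))
        t.join()
        return seen["peer"]


if __name__ == "__main__":
    # Destination on the loopback network: the source the kernel chooses is
    # the loopback address on that same network, as Chris describes.
    print("kernel-chosen source for 127.0.0.1:", default_source_for("127.0.0.1"))
    print("listener saw (no bind):", peer_seen_source())
    print("listener saw (bound to 127.0.0.1):", peer_seen_source("127.0.0.1"))
    # Assumed: 127.0.0.2 is also local (true on Linux).  Binding to it shows
    # that an explicit bind() overrides whatever the kernel would have picked.
    try:
        print("listener saw (bound to 127.0.0.2):", peer_seen_source("127.0.0.2"))
    except OSError as exc:
        print("127.0.0.2 not bindable on this host:", exc)
```

Running this on a multi-homed box and substituting a real destination for `127.0.0.1` in `default_source_for` shows which of the interface's addresses the kernel would use without sending anything; the `peer_seen_source` calls show that a bound client always presents the bound address, which is the check to run when verifying that a service really does go out with the address you configured.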