From owner-freebsd-hackers Thu Jul 26 15:45:05 2001
Date: Thu, 26 Jul 2001 17:44:05 -0500
From: Steve Ames
To: Chris Dillon
Cc: Matt Dillon, "Jonathan M. Slivko", freebsd-hackers@FreeBSD.ORG
Subject: Re: Why two cards on the same segment...
Message-ID: <20010726174405.A36877@virtual-voodoo.com>
References: <200107262136.f6QLaCX62360@earth.backplane.com>
In-Reply-To: ; from cdillon@wolves.k12.mo.us on Thu, Jul 26, 2001 at 05:24:43PM -0500

On Thu, Jul 26, 2001 at 05:24:43PM -0500, Chris Dillon wrote:
> Hmm.. That hasn't been my experience at all. I have _always_ seen
> outgoing connections use a source address of the closest interface
> address that exists on the same IP network as the destination, OR, if
> it is a non-local destination, then the source is whatever IP address
> is on the same IP network as the next-hop gateway. If your next-hop
> gateway is an RFC1918 address, then your source address will be your
> RFC1918 address on the same subnet, unless you specify otherwise of
> course.

Agreed. And, really, isn't that the behavior you _expect_? Any other behavior could be considered a non-POLA. In most situations the source IP can be determined logically.

There are some situations where it can't be determined, and that's where random comes in (at least on the Solaris stack; I hate to use that as an example, but I have yet to test it under FBSD or look up the code). A good example is when you have multiple IPs on one card from the same subnet and netmask. The only way to determine what _should_ be used as the IP is to maybe use the one that isn't an alias. But what if they are all aliases and the non-alias is RFC1918 but the gateway is out of that public subnet? Under Solaris it's potluck. Took me a bit to figure that out.

That's why under FBSD, when we want multiple IPs from the same subnet (virtual hosting and such), we encourage the use of the 0xffffffff netmask. Then that IP cannot be part of the gateway subnet, so it won't be used as the source IP. It is, however, reachable from the outside world thanks to ARP.

A trickier question is with two NICs, each with a public IP (from different subnets). You can't have a separate gateway for each NIC, so most outgoing traffic is really going to go out one interface even if it's coming in both interfaces, right? If the NICs have IPs from the same subnet then I'm not sure how the outgoing interface (and source IP) is chosen, but logically both get used (round robin?). That question will actually take some source delving to figure out, as I don't have the tools to just hook up a machine and watch.

-Steve
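A simplified model of the source-address rule discussed in this thread, added as an illustration rather than code from the thread or from the FreeBSD kernel: it picks the configured address on the destination's IP network, else the one on the next-hop gateway's network, and flags the "potluck" case where several same-length matches tie. The address layouts below are constructed.

```python
"""Simplified model of source-IP selection as described in this thread.

Added illustration, not FreeBSD kernel code: the rule modelled is "use the
address on the same IP network as the destination, else the address on the
same IP network as the next-hop gateway".  All addresses are constructed.
"""
from ipaddress import ip_address, ip_interface


def candidates(ifaces, target):
    """Configured addresses whose network contains target, longest prefix first."""
    t = ip_address(target)
    hits = [a for a in ifaces if t in a.network]
    return sorted(hits, key=lambda a: a.network.prefixlen, reverse=True)


def select_source(ifaces, dst, gateway):
    """Return (source_ip, reason, ambiguous).

    ambiguous is True when several addresses match with the same prefix
    length: the "potluck" case from the thread, where the stack has no
    logical basis for preferring one address over another.
    """
    for target, reason in ((dst, "directly connected"), (gateway, "via gateway")):
        hits = candidates(ifaces, target)
        if hits:
            best = hits[0].network.prefixlen
            tied = [a for a in hits if a.network.prefixlen == best]
            return str(tied[0].ip), reason, len(tied) > 1
    raise ValueError(f"no interface network covers {dst} or gateway {gateway}")


# Constructed: RFC1918 primary address plus public aliases on the gateway's /24.
POTLUCK = [ip_interface(a) for a in ("10.0.0.5/24", "203.0.113.5/24", "203.0.113.6/24")]
# Constructed: public primary on the /24, extra aliases carrying the 0xffffffff
# netmask so they can never be "on" the gateway's subnet.
FBSD_STYLE = [ip_interface(a) for a in ("203.0.113.5/24", "203.0.113.6/32", "203.0.113.7/32")]
GATEWAY = "203.0.113.1"  # constructed next-hop gateway

if __name__ == "__main__":
    for name, ifaces in (("potluck", POTLUCK), ("0xffffffff aliases", FBSD_STYLE)):
        print(name, select_source(ifaces, "198.51.100.20", GATEWAY))
```

With the /32 aliases only the primary address covers the gateway, so the choice is deterministic; with /24 aliases two addresses tie and the model reports the ambiguity.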