From owner-freebsd-hackers  Thu Jul 26 17:20: 9 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67])
	by hub.freebsd.org (Postfix) with ESMTP id 3976B37B405
	for <freebsd-hackers@FreeBSD.ORG>; Thu, 26 Jul 2001 17:20:07 -0700 (PDT)
	(envelope-from dillon@earth.backplane.com)
Received: (from dillon@localhost)
	by earth.backplane.com (8.11.4/8.11.2) id f6R0JY364659;
	Thu, 26 Jul 2001 17:19:34 -0700 (PDT)
	(envelope-from dillon)
Date: Thu, 26 Jul 2001 17:19:34 -0700 (PDT)
From: Matt Dillon <dillon@earth.backplane.com>
Message-Id: <200107270019.f6R0JY364659@earth.backplane.com>
To: Chris Dillon <cdillon@wolves.k12.mo.us>
Cc: Steven Ames <steve@virtual-voodoo.com>,
	"Jonathan M. Slivko" <jslivko@blinx.net>,
	<freebsd-hackers@FreeBSD.ORG>
Subject: Re: Why two cards on the same segment...
References:  <Pine.BSF.4.32.0107261654170.2406-100000@mail.wolves.k12.mo.us>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


:..
:>     You have to explicitly bind to the correct source IP if you care.
:>
:>     For our machines I bind our external services specifically to the
:>     external IP.  Beyond that I usually don't care because I NAT-out our
:>     internal IP space anyway, so any packets sent 'from' an internal IP
:>     to the internet wind up going through the NAT, which hides the fact
:>     that the source machine chose the wrong IP.
:
:
:Hmm.. That hasn't been my experience at all.  I have _always_ seen
:outgoing connections use a source address of the closest interface
:address that exists on the same IP network as the destination, OR, if
:it is a non-local destination, then the source is whatever IP address
:is on the same IP network as the next-hop gateway.  If your next-hop
:gateway is an RFC1918 address, then your source address will be your
:RFC1918 address on the same subnet, unless you specify otherwise of
:course.  Maybe if you set net.inet.ip.subnets_are_local to 1, then
:maybe the system will use the primary non-alias address of the closest
:physical interface, be it a public address or whatever, but I've not
:tried that.
:
:-- Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net

    Huh... your right!  How odd.  I think someone may have fixed something
    since I last played with this.  I swear it wasn't going that before!  I
    would set up a bunch of ip aliases and it was pot-luck.

					-Matt


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message