Date:      Fri, 19 Apr 2002 14:15:00 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Brett Glass <brett@lariat.org>
Cc:        chat@freebsd.org
Subject:   Re: How to control address used by INADDR_ANY?
Message-ID:  <3CC088D4.F21A3656@mindspring.com>
References:  <4.3.2.7.2.20020419144005.0358c610@nospam.lariat.org>

Brett Glass wrote:
> As best I can tell, the trouble is that when a process running on the
> router itself opens an outbound socket with INADDR_ANY (which most
> networked applications do), it picks 10.X.Y.Z as the source address
> instead of A.B.C.1.

INADDR_ANY means "I don't care".  FreeBSD's "I don't care" is a
bit different in implementation than Cisco's "I don't care".  8-(.

Since you apparently *do* care, you must bind a specific address
for outbound connections.

Note that FreeBSD will still treat the port space for anonymous
ports as if it were the INADDR_ANY space, so you will be limited
to 65535 outbound connections, even though you have more than
one IP address to bind outbound connections to.


> What's the easiest way to specify the address to be used as the source
> address when an app opens an outbound socket with INADDR_ANY? I'm unclear
> about how the system is picking it now (I haven't yet found the place in
> the source where this decision is made), but it seems to be picking
> 10.X.Y.Z, which of course will not work.

It picks the first address on the first interface on the subnet
for the destination address in question, which may not be the
"right" address.

Probably you can make it work by setting the IP address to the
one for the bridged network, and then setting the 10. address
to be the alias, instead of the bridged address.

Really, this is a bug in the FreeBSD code, in that it is not
treating the IP address/port pair on the destination as the
route to choose the "proper" origin address.

You'll see the same thing in NFS TCP connections, where the
remote host will believe you are trying to "spoof" packets
because the response doesn't come from the same IP address to
which the request was made.

Short of rewriting a lot of the stack to reorder the anonymous
address handling (e.g. to make it work like Cisco equipment
does), it's probably best to just bind outgoing interfaces
manually, and deal with the netmask in your proxy app.


-- Terry
