From owner-freebsd-questions  Tue Feb 26  8:58: 5 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.e-perception.com (mail.e-perception.com [63.100.80.23])
	by hub.freebsd.org (Postfix) with ESMTP id 392F837B417
	for <freebsd-questions@freebsd.org>; Tue, 26 Feb 2002 08:58:03 -0800 (PST)
Received: from localhost (soconnor@localhost)
	by mail.e-perception.com (8.11.6/8.11.6) with ESMTP id g1QGqL462720;
	Tue, 26 Feb 2002 08:52:21 -0800 (PST)
	(envelope-from soconnor@mail.e-perception.com)
Date: Tue, 26 Feb 2002 08:52:21 -0800 (PST)
From: "Shawn O'Connor" <soconnor@mail.e-perception.com>
To: Ian Dowse <iedowse@maths.tcd.ie>
Cc: freebsd-questions@freebsd.org
Subject: Re: NFS replies with different IP address 
In-Reply-To: <200202260102.aa41839@salmon.maths.tcd.ie>
Message-ID: <20020226083448.B62491-100000@mail.e-perception.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

I'm trying not to just mount to the 10.1.1.10 IP address because the machine
in question is part of a veritas cluster and whichever node is controlling
NFS at that time assumes a virtual interface with an IP address of 10.1.1.9.

I agree that this is a Solaris problem.  I find it disconcerting that
the Solaris box would respond back with it's primary IP address.  I was
just wondering if there was an easy work around.


	-Shawn

On Tue, 26 Feb 2002, Ian Dowse wrote:

> Why not just use the IP address that does work! Accepting replies
> from any source address whatsoever (only the XID is checked) is not
> a very secure behaviour; I don't think this has been ever allowed
> in FreeBSD. As the RFC you quoted suggests, this is more a problem
> with Solaris than FreeBSD. If you use FreeBSD as a multi-homed NFS
> server there is a "-h" option to nfsd that allows you to bind to
> each IP address to ensure that replies come from the right one.
>
> Ian


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message