Date: Thu, 7 Jan 1999 00:55:58 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: julian@whistle.com (Julian Elischer) Cc: tlambert@primenet.com, louie@TransSys.COM, dnelson@redwoodsoft.com, lem@cantv.net, freebsd-hackers@FreeBSD.ORG Subject: Re: Source address Message-ID: <199901070055.RAA02738@usr09.primenet.com> In-Reply-To: <Pine.BSF.3.95.990106132351.2734H-100000@current1.whistle.com> from "Julian Elischer" at Jan 6, 99 01:27:48 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > This is a generic problem in the way sockets are bound. > > > > Similar fallout from the problem is that, when you change IP > > addresses on interfaces, you have to restart daemons bound to > > the IP addresses, etc.. > > > > In general, the best possible corrective action would be to allow > > binding of sockets to interfaces instead of IP addresses. > > what about interfaces with multiple adresses? See below: > > For a complete soloution, you'd want to be able to bind a socket > > to all interfaces, a specific interface, an IP address regardless of > > interfaces that have that address, and an interface/IP address pair. If the set isn't inclusive, obviously, you'd need multiple lines in the inetd.conf. I don't see this as a problem, since it's not like it's something that the code deals with now, anyway. The current code binds to INADDR_ANY, which means all IP addresses on all interfaces. This is known to screw up for NFS, and it's known to screw up for the case where the same IP address is used on multiple interfaces. Using the same IP address on multiple interfaces is highly desirable for "bump on the wire" type applications, including, but not limited to, firewall, VPN, NAT, and transparent proxy applications. A more common "bum on the wire" application would make the bump have the same IP address as the exterior gateway on the interior interface, and the same IP address as the interior router on the exterior interface, since this would let you deploy "zero address count" servers. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901070055.RAA02738>