From owner-freebsd-questions Tue Nov 14 11:20:18 2000
From: "Robert S. Wojciechowski Jr."
To: ,
Subject: Re: source IP address
Date: Tue, 14 Nov 2000 14:22:33 -0500
Message-ID: <16DC0F334516F5478EC60CADEDB6A6840787A8@moe.wojo.net>
Sender: owner-freebsd-questions@FreeBSD.ORG

Has anyone tried using LD_PRELOAD to force a program to bind to a
specific IP?

For instance you could start ssh like so:

$ LD_PRELOAD=/preload.so
$ export LD_PRELOAD
$
$ unset LD_PRELOAD

Or making a wrapper program would be nice,

$ bindto

Here is some code I found, but I haven't had the time or been able to
get it to work in FreeBSD. Can anyone get this to work?

gcc -c -fPIC preload.c
ld -o preload.so -G preload.o

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <dlfcn.h>
#include <string.h>

/* Shared library that holds the real bind(); adjust for your system */
#define LIBRARY "/usr/lib/libsocket.so"
#define ADDRESS "YOUR IP ADDRESS GOES HERE"
#define TRUE 1
#define FALSE 0

int bind (int s, const struct sockaddr *name, socklen_t namelen)
{
  void *Handle;
  int (*Fptr)(int, const struct sockaddr *, socklen_t);
  struct sockaddr_in Local;
  int Found = FALSE;
  int Result;

  /* Look for inet type sockets */
  if (name->sa_family == AF_INET && namelen >= sizeof (Local))
  {
    Found = TRUE;
  }

  /* Open the library */
  Handle = dlopen (LIBRARY, RTLD_LAZY);
  if (Handle == NULL)
  {
    return -1;
  }

  /* Get the function symbol out of the library */
  Fptr = (int (*)(int, const struct sockaddr *, socklen_t)) dlsym (Handle, "bind");
  if (Fptr == NULL)
  {
    dlclose (Handle);
    return -1;
  }

  /*
   * If this is an inet socket, make it bind to the local ip and not
   * all ips on the box
   */
  if (Found)
  {
    /* Work on a copy, the caller's struct is const */
    memcpy (&Local, name, sizeof (Local));
    if (Local.sin_addr.s_addr == htonl (INADDR_ANY))
    {
      Local.sin_addr.s_addr = inet_addr (ADDRESS);
    }

    /* Call the real function with the new struct */
    Result = (*Fptr)(s, (const struct sockaddr *) &Local, sizeof (Local));
  }
  else
  {
    /* Call the real function with the original struct */
    Result = (*Fptr)(s, name, namelen);
  }

  /* Cleanup and close the library */
  dlclose (Handle);

  /* Hand the real bind()'s result back to the caller */
  return Result;
}

---
Robert S. Wojciechowski Jr.
robertw@wojo.com

-----------------------------------------------------------------

> On 14-Nov-2000 13:42:01, Matt Dillon writes:
>
> :
> :On Mon, Nov 13, 2000 at 06:59:13PM -0800, Matt Dillon wrote:
> :>
> :> Some programs, such as ping and traceroute, allow you to bind
> :> to a specific source IP address. Most programs don't, though.
> :>
> :> -Matt
> :
> :Telnet does. It would be really used if ssh did also.
> :
> :Joe
> :--
> :Josef Karthauser FreeBSD: How many times have you booted today?
> :Technical Manager Viagra for your server (http://www.uk.freebsd.org)
> :Pavilion Internet plc. [joe@pavilion.net, joe@uk.freebsd.org, joe@tao.org.uk]
>
> Yah, it would be really nice if ssh did too...
> I have a box with
> five IP addresses on it, some externally routed, some NAT'd, some
> internal, and ssh'ing out from it without being able to bind to a
> specific IP makes setting up security difficult.
>
> It's utterly trivial to add, but I don't have time myself.
>
> It is possible to use a jail to force the source IP address, but
> jails do not appear to work well with interactive tty's. ssh gets
> really confused when run from a jail.
>
> -Matt
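
Added example (not part of the original post and not FreeBSD project code): a bind() shim for the question above that finds the real bind() with dlsym(RTLD_NEXT, ...) instead of dlopen() on a fixed library path, so it does not depend on which library holds bind(). The BIND_ADDR environment variable, the helper pin_wildcard() and the file name bindaddr.c are assumptions made for this example.

```c
/* bindaddr.c (assumed name): LD_PRELOAD shim that pins wildcard IPv4 binds.
 * Build: cc -fPIC -shared -o bindaddr.so bindaddr.c   (-ldl on older glibc)
 * Use:   BIND_ADDR=192.0.2.10 LD_PRELOAD=/path/to/bindaddr.so some_program
 * BIND_ADDR and pin_wildcard() are names made up for this example. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <dlfcn.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#ifndef RTLD_NEXT   /* glibc hides it unless _GNU_SOURCE is set */
#define RTLD_NEXT ((void *) -1L)
#endif

/* Copy *name to *out and, if it is the IPv4 wildcard, swap in ip.
 * Returns 1 if rewritten, 0 if left alone, -1 if ip is not a dotted quad. */
int pin_wildcard(const struct sockaddr *name, socklen_t len,
                 const char *ip, struct sockaddr_in *out)
{
    if (name == NULL || ip == NULL || name->sa_family != AF_INET ||
        len < (socklen_t)sizeof(*out))
        return 0;
    memcpy(out, name, sizeof(*out));
    if (out->sin_addr.s_addr != htonl(INADDR_ANY))
        return 0;
    return inet_pton(AF_INET, ip, &out->sin_addr) == 1 ? 1 : -1;
}

/* Interposed bind(): the preloaded object is searched before libc. */
int bind(int s, const struct sockaddr *name, socklen_t namelen)
{
    static int (*real_bind)(int, const struct sockaddr *, socklen_t);
    struct sockaddr_in pinned;
    int rc;

    if (real_bind == NULL)   /* next "bind" in search order: libc's */
        real_bind = (int (*)(int, const struct sockaddr *, socklen_t))
                    dlsym(RTLD_NEXT, "bind");
    if (real_bind == NULL) { errno = ENOSYS; return -1; }

    rc = pin_wildcard(name, namelen, getenv("BIND_ADDR"), &pinned);
    if (rc < 0) { errno = EADDRNOTAVAIL; return -1; }  /* bad BIND_ADDR: refuse */
    if (rc == 1)
        return real_bind(s, (const struct sockaddr *)&pinned, sizeof(pinned));
    return real_bind(s, name, namelen);
}
```

A shim like this only changes calls that reach bind() with INADDR_ANY; a client that goes straight to connect() without binding first never passes through it.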