Message-ID: <3CC088D4.F21A3656@mindspring.com>
Date: Fri, 19 Apr 2002 14:15:00 -0700
From: Terry Lambert
To: Brett Glass
Cc: chat@freebsd.org
Subject: Re: How to control address used by INADDR_ANY?
References: <4.3.2.7.2.20020419144005.0358c610@nospam.lariat.org>
Sender: owner-freebsd-chat@FreeBSD.ORG

Brett Glass wrote:
> As best I can tell, the trouble is that when a process running on the
> router itself opens an outbound socket with INADDR_ANY (which most
> networked applications do), it picks 10.X.Y.Z as the source address
> instead of A.B.C.1.

INADDR_ANY means "I don't care".

FreeBSD's "I don't care" is a bit different in implementation than
Cisco's "I don't care". 8-(.

Since you apparently *do* care, you must bind a specific address
for outbound connections. Note that FreeBSD will still treat the
port space for anonymous ports as if it were the INADDR_ANY space,
so you will be limited to 65535 outbound connections, even though
you have more than one IP address to bind outbound connections to.

> What's the easiest way to specify the address to be used as the source
> address when an app opens an outbound socket with INADDR_ANY? I'm unclear
> about how the system is picking it now (I haven't yet found the place in
> the source where this decision is made), but it seems to be picking
> 10.X.Y.Z, which of course will not work.

It picks the first address on the first interface on the subnet
for the destination address in question, which may not be the
"right" address.

Probably you can make it work by setting the IP address to the one
for the bridged network, and then setting the 10. address to be the
alias, instead of the bridged address.

Really, this is a bug in the FreeBSD code, in that it is not
treating the IP address/port pair on the destination as the route
to choose the "proper" origin address. You'll see the same thing
in NFS TCP connections, where the remote host will believe you are
trying to "spoof" packets because the response doesn't come from
the same IP address to which the request was made.

Short of rewriting a lot of the stack to reorder the anonymous
address handling (e.g. to make it work like Cisco equipment does),
it's probably best to just bind outgoing interfaces manually, and
deal with the netmask in your proxy app.

-- Terry