From: Chris Pratt <eagletree@hughes.net>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Date: Fri, 25 Jul 2008 09:22:31 -0700
Message-Id: <9339104B-252B-49DC-9648-B59343E17E16@hughes.net>
Subject: IP alias/routing question

This strikes me as a noob question, but in 10 years of FreeBSD I've never wrapped my brain around it, and it seems to be causing me problems this time.

I have many aliases on many servers. Some services listening on an alias address seem to return the packets out the alias address, as shown in netstat -i in the Opkts column. Others seem to return packets back out the first address specified on the system. This has not bothered me before because it seems to work, and I figured I was just confused about how netstat shows the In and Out packet counts. I assumed that local LAN traffic would be listed on the appropriate line and anything headed out the WAN would go to the default gateway and thus appear on the line with the initial address.

I've noticed it on ssh often: connect in on a second or third IP, yet the packets show as going out through the first configured IP in netstat. I'm now setting up a bind server in which the third alias is the address for incoming DNS queries. It appears it's responding, but even though the queries come in on the third alias, they "go out" through the "primary" address, or more specifically, the packet count is incremented in the Opkts total for the IP address first attached to the interface via ifconfig (without an alias). My problem appears to be that the packets really are coming from the first IP as the source and are getting blocked by my firewall as they should (the first address is not supposed to be answering DNS queries).
Am I conceptualizing what I'm seeing incorrectly and have a different config error, or is it true that some services respond with a source IP other than the one they came in on if multiple aliases are specified on a single interface and wire? In other words, is the Opkts count on the IP irrelevant to the addressing of the packet? Please let me know if this should instead go to FreeBSD-Net.

Supporting info: here is an example of the netstat output. In this example, DNS is listening on 192.168.0.18; the first interface ifconfig'd is 0.12. If I read it correctly, it goes out the default gateway, which is somehow tied to the 0.12. This machine is not a gateway, has no FWDs in ipfw, and isn't running natd.

$ netstat -i
Name  Mtu   Network        Address            Ipkts Ierrs    Opkts Oerrs  Coll
rl0   1500                 00:10:b5:76:ce:20    631     0        1     0     0
rl0   1500  192.168.252.0  192.168.252.11         0     -        0     -     -
rl1   1500                 00:14:2a:02:bd:64  22628     0     7833     0     0
rl1   1500  192.168.0.0    192.168.0.12          11     -     7450     -     -
rl1   1500  192.168.0.11   192.168.0.11        1482     -      278     -     -
rl1   1500  192.168.0.18   192.168.0.18        1243     -        0     -     -
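As an added example (not part of the post, and not FreeBSD or BIND code), here are two checks a practitioner can run on a multi-homed host whose replies seem to leave from the wrong address. The first parses the per-address lines of netstat -i, as quoted above, and flags addresses that receive packets but have nothing attributed on output, plus the first (non-alias) address on each interface. The second asks the kernel which local address it would pick as the source for a datagram to a given destination: a connect() on a UDP socket records the peer and selects a source address without sending anything, and getsockname() then reveals the choice; binding the socket to a specific local address first pins the source, which is what a daemon listening on the wildcard address must arrange (by binding per address or by using per-packet destination-address socket options) to answer from the alias a query arrived on. The function and constant names are this example's own; the sample table is the one from the post, where the link-level rows have an empty Network column and so split into eight fields. The per-address Opkts counters are only a hint; the authoritative check for the source address a firewall sees is a packet capture on the wire.

```python
"""Checks for a multi-homed host: parse `netstat -i` and probe source selection.

Added example, not from the original post. Helper names are assumptions of
this example; the sample table is the output quoted in the post.
"""
import socket
from typing import Dict, List, Optional

# Sample input: the `netstat -i` output from the post. The link-level rows
# have an empty Network column there, so they split into 8 fields, not 9.
SAMPLE_NETSTAT_I = """\
Name  Mtu   Network        Address            Ipkts Ierrs    Opkts Oerrs  Coll
rl0   1500                 00:10:b5:76:ce:20    631     0        1     0     0
rl0   1500  192.168.252.0  192.168.252.11         0     -        0     -     -
rl1   1500                 00:14:2a:02:bd:64  22628     0     7833     0     0
rl1   1500  192.168.0.0    192.168.0.12          11     -     7450     -     -
rl1   1500  192.168.0.11   192.168.0.11        1482     -      278     -     -
rl1   1500  192.168.0.18   192.168.0.18        1243     -        0     -     -
"""


def _count(field: str) -> Optional[int]:
    """netstat prints '-' where a counter does not apply; map that to None."""
    return None if field == "-" else int(field)


def parse_netstat_i(text: str) -> List[Dict[str, object]]:
    """Return one dict per row; IP rows carry 'network', link rows carry None."""
    rows: List[Dict[str, object]] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "Name":
            continue  # blank line or the column header
        if len(fields) == 8:  # link-level row with an empty Network column
            name, mtu, address, ipkts, ierrs, opkts, oerrs, coll = fields
            network = None
        elif len(fields) == 9:  # per-address (IP) row
            name, mtu, network, address, ipkts, ierrs, opkts, oerrs, coll = fields
        else:
            raise ValueError(f"unexpected netstat -i row: {line!r}")
        rows.append({
            "name": name, "mtu": int(mtu), "network": network, "address": address,
            "ipkts": _count(ipkts), "ierrs": _count(ierrs),
            "opkts": _count(opkts), "oerrs": _count(oerrs), "coll": _count(coll),
        })
    return rows


def receive_only_addresses(rows: List[Dict[str, object]]) -> List[str]:
    """IP addresses with inbound packets but no packets attributed on output.

    Such an address is a candidate for 'the service answers from another
    source', which is what a source-address firewall rule would then block.
    """
    return [str(r["address"]) for r in rows
            if r["network"] is not None and r["ipkts"] > 0 and r["opkts"] == 0]


def first_address_per_iface(rows: List[Dict[str, object]]) -> Dict[str, str]:
    """First IP row per interface, i.e. the address configured without 'alias'."""
    first: Dict[str, str] = {}
    for r in rows:
        if r["network"] is not None and r["name"] not in first:
            first[str(r["name"])] = str(r["address"])
    return first


def kernel_source_address(destination: str, bind_address: Optional[str] = None) -> str:
    """Local address the kernel would stamp on a datagram sent to `destination`.

    A UDP connect() only records the peer and selects a source address; no
    packet leaves the host. Binding to `bind_address` first pins the source.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        if bind_address is not None:
            s.bind((bind_address, 0))
        s.connect((destination, 53))  # port is irrelevant; nothing is sent
        return s.getsockname()[0]
    finally:
        s.close()


if __name__ == "__main__":
    table = parse_netstat_i(SAMPLE_NETSTAT_I)
    print("first address per interface:", first_address_per_iface(table))
    print("receive-only addresses:", receive_only_addresses(table))
    print("kernel source for 127.0.0.1:", kernel_source_address("127.0.0.1"))
```

On the post's table this flags 192.168.0.18 as receive-only and names 192.168.0.12 as the first address on rl1. Run kernel_source_address() against a real off-host destination on the box in question to see which address the kernel selects for an unbound socket, and compare with the bound variant; if the two differ, a daemon listening on the wildcard address will reply from the former unless it binds per address.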