Date: Sat, 20 Apr 2002 20:54:21 -0600
From: Brett Glass <brett@lariat.org>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: "Matthew D. Fuller" <fullermd@over-yonder.net>, chat@FreeBSD.ORG
Subject: Re: How to control address used by INADDR_ANY?
Message-ID: <4.3.2.7.2.20020420204617.021f4470@nospam.lariat.org>
In-Reply-To: <3CC22126.9F28CE8A@mindspring.com>
References: <4.3.2.7.2.20020420111258.021d7270@nospam.lariat.org>
    <4.3.2.7.2.20020419144005.0358c610@nospam.lariat.org>
    <4.3.2.7.2.20020419144005.0358c610@nospam.lariat.org>
    <4.3.2.7.2.20020420004621.02379880@nospam.lariat.org>
    <3CC1245C.EEE4ADE@mindspring.com>
    <4.3.2.7.2.20020420111258.021d7270@nospam.lariat.org>
    <4.3.2.7.2.20020420113621.021dfd00@nospam.lariat.org>

At 08:17 PM 4/20/2002, Terry Lambert wrote:

>> Other options I've considered are:
>>
>> 1) Using natd to change the source addresses on outgoing packets
>> with source addresses in 10.x to something routable (that is,
>> having the machine do NAT for its own internal processes). Would
>> this work?
>
>The NAT can't do block address translation, it can only do 1:N
>translation (not N:N translation).

Ah, but we only NEED to do 1:N translation. We need to translate the
source address of 10.X.Y.Z to A.B.C.1 when going outbound on the
upstream interface. I believe that ipnat is capable of doing this
with a "map" rule, because it sits outside the kernel. But I don't
know if natd (which is what I'd prefer to use because it's able to
do port-specific NAT more gracefully) can do this.

>> 2) Running local processes in a "jail" (assuming that this would
>> force their IP source addresses to the address assigned to the
>> "jail...." Would it?
>
>No, it would not force the source address.

Are you sure? I haven't played much with jails, but I do note the
following on the jail(8) man page:

> jail.socket_unixiproute_only
>     The jail functionality binds an IPv4 address to each jail, and
>     limits access to other network addresses in the IPv4 space that
>     may be available in the host environment.

I had always interpreted this to mean that the apps operating in the
jail were limited -- both when they listened and when they opened
outbound sockets -- to using the jail's IPv4 address.

--Brett Glass
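
Added example, not part of the original message or thread: a small C probe that reports which source address the kernel assigns to an outbound socket, which is one way to check from inside a jail (or behind a NAT rule) what an unbound process would actually use. The helper name chosen_source() and the use of UDP port 9 are assumptions made for this illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* chosen_source() is a hypothetical helper, not code from the thread.
 * dest: IPv4 destination. bind_ip: address to bind before connecting, or
 * NULL to leave the socket at INADDR_ANY so the kernel chooses.
 * connect() on a UDP socket sends no packet; it only fixes the route and
 * source address, which getsockname() then reports. Returns 0 or -1. */
int chosen_source(const char *dest, const char *bind_ip, char *out, size_t outlen)
{
    struct sockaddr_in src, dst, got;
    socklen_t len = sizeof(got);
    int rc = -1;
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0)
        return -1;
    memset(&src, 0, sizeof(src));       /* port 0: kernel picks one */
    src.sin_family = AF_INET;
    memset(&dst, 0, sizeof(dst));
    dst.sin_family = AF_INET;
    dst.sin_port = htons(9);            /* assumed port; nothing is sent */
    if (inet_pton(AF_INET, dest, &dst.sin_addr) != 1)
        goto done;
    if (bind_ip != NULL) {
        if (inet_pton(AF_INET, bind_ip, &src.sin_addr) != 1)
            goto done;
        if (bind(s, (struct sockaddr *)&src, sizeof(src)) != 0)
            goto done;                  /* address not usable by this process */
    }
    if (connect(s, (struct sockaddr *)&dst, sizeof(dst)) != 0)
        goto done;
    if (getsockname(s, (struct sockaddr *)&got, &len) != 0)
        goto done;
    if (inet_ntop(AF_INET, &got.sin_addr, out, (socklen_t)outlen) != NULL)
        rc = 0;
done:
    close(s);
    return rc;
}

int main(int argc, char **argv)
{
    char buf[INET_ADDRSTRLEN];
    if (argc < 2 || chosen_source(argv[1], argc > 2 ? argv[2] : NULL, buf, sizeof(buf)) != 0) {
        fprintf(stderr, "usage: %s dest-ip [bind-ip]\n", argv[0]);
        return 1;
    }
    printf("source address: %s\n", buf);
    return 0;
}
```

Run it with only a destination to see the address chosen for an INADDR_ANY socket, then with a second argument to see whether an explicit bind to another address is permitted in that environment.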