Date: Fri, 15 Jun 2001 14:30:43 +0300
From: Ruslan Ermilov
To: Mike Petrov
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: choosing correct source IP on multihomed hosts
Message-ID: <20010615143043.C68695@sunbay.com>
In-Reply-To: <267957031.20010615142235@deyton.ru>; from mike@deyton.ru on Fri, Jun 15, 2001 at 02:22:35PM +0400

On Fri, Jun 15, 2001 at 02:22:35PM +0400, Mike Petrov wrote:
> Hello.
>
> How can I forcely say to any program to use certain source IP?
> Some programs allow to specify it - ping,traceroute,squid,etc.
> Many programs do not care about src IP and use ADDR_ANY when
> creating connections on socket. Kernel chooses appropriate IP
> address according to routing table. It chooses first IP of
> interface where packet would be routed.
>
Nope, the primary selection (if the source address is unspecified)
is done by lookup to the routing table. For example:

# ifconfig rl0
rl0: flags=8943 mtu 1500
        inet 192.168.4.115 netmask 0xffffff00 broadcast 192.168.4.255
        inet 192.168.100.2 netmask 0xffffff00 broadcast 192.168.100.255

# route -vn get 192.168.100.1
[...]
sockaddrs: 192.168.100.1 0.d0.b7.16.9c.c6 rl0:0.c0.df.3.2d.79 192.168.100.2
                                                              ^^^^^^^^^^^^^

# telnet 192.168.100.1 12345
Trying 192.168.100.1...
telnet: connect to address 192.168.100.1: Connection refused
telnet: Unable to connect to remote host

# tcpdump
192.168.100.2.49165 > 192.168.100.1.12345: S 3633843389:3633843389(0) win 16384 (DF) [tos 0x10]
192.168.100.1.12345 > 192.168.100.2.49165: R 0:0(0) ack 3633843390 win 0

# route change 192.168.100.1 -ifa 192.168.4.115
change host 192.168.100.1

# route -vn get 192.168.100.1
[...]
sockaddrs: 192.168.100.1 0.d0.b7.16.9c.c6 rl0:0.c0.df.3.2d.79 192.168.4.115
                                                              ^^^^^^^^^^^^^

# telnet 192.168.100.1 12345
Trying 192.168.100.1...
telnet: connect to address 192.168.100.1: Connection refused
telnet: Unable to connect to remote host

# tcpdump
192.168.4.115.49166 > 192.168.100.1.12345: S 3750128640:3750128640(0) win 16384 (DF) [tos 0x10]
192.168.100.1.12345 > 192.168.4.115.49166: R 0:0(0) ack 3750128641 win 0

> In most cases this is
> default interface. For example, normally program "telnet" uses
> IP of default interface, when I telnet to somewhere in Internet.
> But sometimes I want to force it to use another source IP.
> Good way to do it: make copy of it to "telnet2", change owner to
> special user, set SUID bit. But how set default interface _only_
> for this user to that I need?
>
See jail(8).

Cheers,
-- 
Ruslan Ermilov          Oracle Developer/DBA,
ru@sunbay.com           Sunbay Software AG,
ru@FreeBSD.org          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age
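
The two behaviours discussed in this thread, as an added example that is not part of the original message: reading back the source address the routing lookup selects for an unbound socket, and overriding it per program with bind() before connect(). The function names are hypothetical, and the loopback addresses in demo() are constructed so the script runs without a multihomed host.

```python
import socket
import sys

def kernel_source_for(dst, port=9):
    """Return the source IP the kernel picks for an unbound socket to dst.

    connect() on a UDP socket transmits nothing; it performs the route
    lookup and fixes the local address, which getsockname() reports.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dst, port))
        return s.getsockname()[0]

def connect_from(src, dst, port, timeout=3.0):
    """Open a TCP connection to dst:port with the source address forced to src.

    bind() before connect() replaces the routing-table choice. Port 0 lets
    the kernel pick the ephemeral port. src must be an address configured
    on this host, otherwise bind() raises OSError.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.settimeout(timeout)
        s.bind((src, 0))
        s.connect((dst, port))
    except OSError:
        s.close()
        raise
    return s

def demo():
    """Constructed loopback check: what the listener sees as the peer address."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        client = connect_from("127.0.0.1", "127.0.0.1", port)
        conn, addr = srv.accept()
        with client, conn:
            return addr[0], client.getsockname()[0]

if __name__ == "__main__":
    # Usage: script.py DESTINATION  (prints the kernel-selected source address)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print("kernel-selected source for", target, "is", kernel_source_for(target))
    print("listener saw peer / client bound to:", demo())
```

Running kernel_source_for() before and after a `route change ... -ifa` shows the same switch that the tcpdump output in the reply shows, without sending any traffic.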