Date: Fri, 15 Jun 2001 14:30:43 +0300
From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: Mike Petrov <mike@deyton.ru>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: choosing correct source IP on multihomed hosts
Message-ID: <20010615143043.C68695@sunbay.com>
In-Reply-To: <267957031.20010615142235@deyton.ru>; from mike@deyton.ru on Fri, Jun 15, 2001 at 02:22:35PM +0400
References: <267957031.20010615142235@deyton.ru>

On Fri, Jun 15, 2001 at 02:22:35PM +0400, Mike Petrov wrote:
> Hello.
>
> How can I forcibly say to any program to use certain source IP?
> Some programs allow to specify it - ping, traceroute, squid, etc.
> Many programs do not care about src IP and use ADDR_ANY when
> creating connections on socket. Kernel chooses appropriate IP
> address according to routing table. It chooses first IP of
> interface where packet would be routed.
>
Nope, the primary selection (if the source address is unspecified)
is done by lookup to the routing table. For example:

# ifconfig rl0
rl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.4.115 netmask 0xffffff00 broadcast 192.168.4.255
        inet 192.168.100.2 netmask 0xffffff00 broadcast 192.168.100.255

# route -vn get 192.168.100.1
[...]
sockaddrs: <DST,GATEWAY,IFP,IFA>
 192.168.100.1 0.d0.b7.16.9c.c6 rl0:0.c0.df.3.2d.79 192.168.100.2
                                                    ^^^^^^^^^^^^^

# telnet 192.168.100.1 12345
Trying 192.168.100.1...
telnet: connect to address 192.168.100.1: Connection refused
telnet: Unable to connect to remote host

# tcpdump
192.168.100.2.49165 > 192.168.100.1.12345: S 3633843389:3633843389(0) win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 307678 0> (DF) [tos 0x10]
192.168.100.1.12345 > 192.168.100.2.49165: R 0:0(0) ack 3633843390 win 0

# route change 192.168.100.1 -ifa 192.168.4.115
change host 192.168.100.1

# route -vn get 192.168.100.1
[...]
sockaddrs: <DST,GATEWAY,IFP,IFA>
 192.168.100.1 0.d0.b7.16.9c.c6 rl0:0.c0.df.3.2d.79 192.168.4.115
                                                    ^^^^^^^^^^^^^

# telnet 192.168.100.1 12345
Trying 192.168.100.1...
telnet: connect to address 192.168.100.1: Connection refused
telnet: Unable to connect to remote host

# tcpdump
192.168.4.115.49166 > 192.168.100.1.12345: S 3750128640:3750128640(0) win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 318829 0> (DF) [tos 0x10]
192.168.100.1.12345 > 192.168.4.115.49166: R 0:0(0) ack 3750128641 win 0

> In most cases this is
> default interface. For example, normally program "telnet" uses
> IP of default interface, when I telnet to somewhere in Internet.
> But sometimes I want to force it to use another source IP.
> Good way to do it: make copy of it to "telnet2", change owner to
> special user, set SUID bit. But how set default interface _only_
> for this user to that I need?
>
See jail(8).

Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
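
Added example, not part of the original message: a small C program that reports which source address the kernel selects for a destination (connect(2) on a UDP socket performs the route lookup without sending a packet) and shows how an application pins a source with bind(2) before connect(2). The function name source_for and the use of port 12345 are choices made for this example.

```c
/* Added example: kernel-selected vs. explicitly bound source address. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Connect a UDP socket to dst and report the local address it ends up with.
 * src == NULL leaves the choice to the routing table; otherwise the socket
 * is bound to src first. Returns 0 on success, -1 on error. */
int source_for(const char *dst, const char *src, char *out, size_t outlen)
{
    struct sockaddr_in to, from, local;
    socklen_t len = sizeof(local);
    int rc = -1;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&to, 0, sizeof(to));
    to.sin_family = AF_INET;
    to.sin_port = htons(12345);      /* same port as the telnet test */
    if (inet_pton(AF_INET, dst, &to.sin_addr) != 1)
        goto done;
    if (src != NULL) {               /* explicit source: bind before connect */
        memset(&from, 0, sizeof(from));
        from.sin_family = AF_INET;   /* port 0: kernel picks an ephemeral port */
        if (inet_pton(AF_INET, src, &from.sin_addr) != 1 ||
            bind(fd, (struct sockaddr *)&from, sizeof(from)) < 0)
            goto done;               /* bind fails if src is not a local address */
    }
    if (connect(fd, (struct sockaddr *)&to, sizeof(to)) < 0 ||
        getsockname(fd, (struct sockaddr *)&local, &len) < 0)
        goto done;
    if (inet_ntop(AF_INET, &local.sin_addr, out, (socklen_t)outlen) != NULL)
        rc = 0;
done:
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    char buf[INET_ADDRSTRLEN];
    const char *src = argc > 2 ? argv[2] : NULL;
    if (argc < 2 || source_for(argv[1], src, buf, sizeof(buf)) != 0) {
        fprintf(stderr, "usage: %s dst-ip [local-src-ip]\n", argv[0]);
        return 1;
    }
    printf("%s\n", buf);
    return 0;
}
```

Run with only a destination, the program prints the address shown in the IFA column of `route -vn get` for that destination; with a second argument it prints that address, provided it is configured on the host.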