Date: Tue, 9 Nov 1999 23:21:53 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: David Malone <dwmalone@maths.tcd.ie> Cc: freebsd-current@FreeBSD.ORG Subject: Re: need patch review - NFS fixes for IP binding Message-ID: <199911100721.XAA05191@apollo.backplane.com> References: <199911091926.LAA03009@apollo.backplane.com> <19991109212647.A11812@maccullagh.maths.tcd.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
:This patch isn't very good for us as we need to be able to bind
:nfsd to several IP addresses and still have it reply on the correct
:interface and I think your patch only allows one to be specified
:per set of nfsds?
:
:At the least we need to be able to specify multiple IP addresses
:and a "all IP addresses" mode, as in Ian's original patch, would
:be useful for us.
:
:I guess we could run bunches of nfsds - one bunch per IP, but this
:seems unnatural.
:
: David.
You can run a set of nfsd's on each IP that you want to bind to
with the patch. While it is true that this doesn't solve the
problem universally, it does solve the problem for most people
while at the same time implementing more appropriate security
characteristics. It just isn't a good idea to go binding to every
interface IP address in existance -- I know web servers with hundreds
of IP aliases that would simply blow up if we were to try to do that,
and other servers with hundreds of discrete, dynamically changing
interfaces (e.g. virtual frame interfaces). 'named' went the
'bind to everything' route and it was six years before the bugs got
worked out of it.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911100721.XAA05191>