From owner-freebsd-current Tue Nov 9 23:22: 6 1999 Delivered-To: freebsd-current@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 4726014A00 for ; Tue, 9 Nov 1999 23:22:03 -0800 (PST) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id XAA05191; Tue, 9 Nov 1999 23:21:53 -0800 (PST) (envelope-from dillon) Date: Tue, 9 Nov 1999 23:21:53 -0800 (PST) From: Matthew Dillon Message-Id: <199911100721.XAA05191@apollo.backplane.com> To: David Malone Cc: freebsd-current@FreeBSD.ORG Subject: Re: need patch review - NFS fixes for IP binding References: <199911091926.LAA03009@apollo.backplane.com> <19991109212647.A11812@maccullagh.maths.tcd.ie> Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG :This patch isn't very good for us as we need to be able to bind :nfsd to several IP addresses and still have it reply on the correct :interface and I think your patch only allows one to be specified :per set of nfsds? : :At the least we need to be able to specify multiple IP addresses :and a "all IP addresses" mode, as in Ian's original patch, would :be useful for us. : :I guess we could run bunches of nfsds - one bunch per IP, but this :seems unnatural. : : David. You can run a set of nfsd's on each IP that you want to bind to with the patch. While it is true that this doesn't solve the problem universally, it does solve the problem for most people while at the same time implementing more appropriate security characteristics. It just isn't a good idea to go binding to every interface IP address in existance -- I know web servers with hundreds of IP aliases that would simply blow up if we were to try to do that, and other servers with hundreds of discrete, dynamically changing interfaces (e.g. virtual frame interfaces). 'named' went the 'bind to everything' route and it was six years before the bugs got worked out of it. -Matt Matthew Dillon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message