From: Terry Lambert
Message-Id: <199901070055.RAA02738@usr09.primenet.com>
Subject: Re: Source address
To: julian@whistle.com (Julian Elischer)
Date: Thu, 7 Jan 1999 00:55:58 +0000 (GMT)
Cc: tlambert@primenet.com, louie@TransSys.COM, dnelson@redwoodsoft.com, lem@cantv.net, freebsd-hackers@FreeBSD.ORG
In-Reply-To: from "Julian Elischer" at Jan 6, 99 01:27:48 pm

> > This is a generic problem in the way sockets are bound.
> >
> > Similar fallout from the problem is that, when you change IP
> > addresses on interfaces, you have to restart daemons bound to
> > the IP addresses, etc.
> >
> > In general, the best possible corrective action would be to allow
> > binding of sockets to interfaces instead of IP addresses.
>
> what about interfaces with multiple addresses?

See below:

> > For a complete solution, you'd want to be able to bind a socket
> > to all interfaces, a specific interface, an IP address regardless of
> > interfaces that have that address, and an interface/IP address pair.

If the set isn't inclusive, obviously, you'd need multiple lines in
the inetd.conf. I don't see this as a problem, since it's not like
it's something that the code deals with now, anyway.

The current code binds to INADDR_ANY, which means all IP addresses
on all interfaces. This is known to screw up for NFS, and it's
known to screw up for the case where the same IP address is used on
multiple interfaces.

Using the same IP address on multiple interfaces is highly desirable
for "bump on the wire" type applications, including, but not limited
to, firewall, VPN, NAT, and transparent proxy applications.

A more common "bump on the wire" application would make the bump have
the same IP address as the exterior gateway on the interior interface,
and the same IP address as the interior router on the exterior
interface, since this would let you deploy "zero address count"
servers.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
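
An added illustration of the bind behaviour discussed in this message (not code from the original post or from FreeBSD): a wildcard INADDR_ANY listener only learns which local address a connection used from getsockname() on the accepted socket, while a bind to one specific address fails with EADDRNOTAVAIL when that address is not configured on any interface, which is why address-bound daemons need a restart after renumbering. The helper names listen_on and accepted_local_addr are hypothetical, and 192.0.2.1 (TEST-NET-1) is assumed not to be configured on the host.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: TCP listener on ip (NULL = INADDR_ANY), ephemeral port.
 * Returns the fd and fills *bound from getsockname(); -1 with errno on failure. */
int listen_on(const char *ip, struct sockaddr_in *bound)
{
    socklen_t len = sizeof(*bound);
    int fd = socket(AF_INET, SOCK_STREAM, 0), saved;
    if (fd < 0) return -1;
    *bound = (struct sockaddr_in){ .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_ANY) };
    if (ip && inet_pton(AF_INET, ip, &bound->sin_addr) != 1) { close(fd); errno = EINVAL; return -1; }
    if (bind(fd, (struct sockaddr *)bound, len) == 0 && listen(fd, 1) == 0 &&
        getsockname(fd, (struct sockaddr *)bound, &len) == 0)
        return fd;
    saved = errno; close(fd); errno = saved;   /* keep bind()'s errno for the caller */
    return -1;
}

/* Hypothetical helper: local address (network order, 0 = error) of a connection accepted on lfd. */
in_addr_t accepted_local_addr(int lfd, const char *dst, in_port_t port)
{
    struct sockaddr_in to = { .sin_family = AF_INET, .sin_port = port }, me;
    socklen_t len = sizeof(me);
    in_addr_t got = 0;
    int c = socket(AF_INET, SOCK_STREAM, 0), a = -1;
    if (c >= 0 && inet_pton(AF_INET, dst, &to.sin_addr) == 1 &&
        connect(c, (struct sockaddr *)&to, sizeof(to)) == 0 &&
        (a = accept(lfd, NULL, NULL)) >= 0 &&
        getsockname(a, (struct sockaddr *)&me, &len) == 0)
        got = me.sin_addr.s_addr;   /* the wildcard is resolved per connection */
    if (a >= 0) close(a);
    if (c >= 0) close(c);
    return got;
}

int main(void)
{
    struct sockaddr_in b;
    int any = listen_on(NULL, &b);   /* wildcard bind, as the post says the current code does */
    if (any < 0) return 1;
    printf("wildcard listener accepted on 0x%08x\n", (unsigned)ntohl(accepted_local_addr(any, "127.0.0.1", b.sin_port)));
    printf("bind to 192.0.2.1 (constructed, unconfigured): %s\n", listen_on("192.0.2.1", &b) < 0 ? strerror(errno) : "ok");
    return 0;
}
```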