Date: Thu, 26 Jul 2001 17:24:43 -0500 (CDT)
From: Chris Dillon <cdillon@wolves.k12.mo.us>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: Steven Ames <steve@virtual-voodoo.com>, "Jonathan M. Slivko" <jslivko@blinx.net>, <freebsd-hackers@FreeBSD.ORG>
Subject: Re: Why two cards on the same segment...
Message-ID: <Pine.BSF.4.32.0107261654170.2406-100000@mail.wolves.k12.mo.us>
In-Reply-To: <200107262136.f6QLaCX62360@earth.backplane.com>
On Thu, 26 Jul 2001, Matt Dillon wrote:

> I wish it were that easy. If you have two interfaces on the same LAN
> segment, but one is configured with an internal IP and one is
> configured with an external IP, and the default route points out the
> interface configured with the external IP, then you are ok.
>
> If you have one interface with *two* ip addresses. For example (taking
> a real life example):
>
> ash:/home/dillon> ifconfig
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 208.161.114.66 netmask 0xffffffc0 broadcast 208.161.114.127
>         inet 10.0.0.3 netmask 0xffffff00 broadcast 10.0.0.255
>         ether 00:b0:d0:49:3b:fd
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
>
> Then the 'source IP' address the machine uses is completely up in the
> air. It could be the external IP, or the internal IP, and it could
> change out from under you if you manipulate the interface with ifconfig.
> You have to explicitly bind to the correct source IP if you care.
>
> For our machines I bind our external services specifically to the
> external IP. Beyond that I usually don't care because I NAT-out our
> internal IP space anyway, so any packets sent 'from' an internal IP
> to the internet wind up going through the NAT, which hides the fact
> that the source machine chose the wrong IP.

Hmm.. That hasn't been my experience at all. I have _always_ seen outgoing connections use a source address of the closest interface address that exists on the same IP network as the destination, OR, if it is a non-local destination, then the source is whatever IP address is on the same IP network as the next-hop gateway. If your next-hop gateway is an RFC1918 address, then your source address will be your RFC1918 address on the same subnet, unless you specify otherwise of course.
Maybe if you set net.inet.ip.subnets_are_local to 1, then maybe the system will use the primary non-alias address of the closest physical interface, be it a public address or whatever, but I've not tried that.

-- 
Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net
FreeBSD: The fastest and most stable server OS on the planet
- Available for IA32 (Intel x86) and Alpha architectures
- IA64 (Itanium), PowerPC, and ARM architectures under development
- http://www.freebsd.org
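The two posts above disagree about which source address a multi-homed host will put on outgoing packets. The following is an added example, not code from either poster or from FreeBSD: it models the selection rule Chris Dillon describes (address on the destination's subnet if directly attached, otherwise the address on the next-hop gateway's subnet) against the two addresses from Matt Dillon's ifconfig output, and it also shows the kernel-side check a practitioner actually uses, a UDP connect() followed by getsockname(), which reveals the chosen source without sending a packet. The routing tables, the gateway addresses and the `select_source`/`kernel_source_for` function names are assumptions made for the example. The reason to care is the one Matt gives: a service or log source that silently switches from the external to the internal address changes what a firewall, NAT or peer ACL sees, so the defensive fix is to bind explicitly rather than to trust the default.

```python
"""Source-address selection on a host with two addresses on one interface.

Added example (not from the thread).  Interface addresses are the ones
from the quoted ifconfig listing; routing tables and gateways are assumed.
"""
import ipaddress
import socket

# From the quoted fxp0 listing: netmask 0xffffffc0 is /26, 0xffffff00 is /24.
FXP0_ADDRS = [
    ipaddress.ip_interface("208.161.114.66/26"),
    ipaddress.ip_interface("10.0.0.3/24"),
]

# Assumed routing table: (prefix, gateway); gateway None = directly attached.
ROUTES_PUBLIC_GW = [
    (ipaddress.ip_network("208.161.114.64/26"), None),
    (ipaddress.ip_network("10.0.0.0/24"), None),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("208.161.114.65")),
]

# Same host, but the default route points at an RFC1918 next hop (assumed).
ROUTES_PRIVATE_GW = [
    (ipaddress.ip_network("208.161.114.64/26"), None),
    (ipaddress.ip_network("10.0.0.0/24"), None),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("10.0.0.1")),
]


def lookup_route(dest, routes):
    """Longest-prefix match; returns the gateway, or None when directly attached."""
    dest = ipaddress.ip_address(dest)
    best = None
    for prefix, gw in routes:
        if dest in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, gw)
    if best is None:
        raise ValueError(f"no route to {dest}")
    return best[1]


def select_source(dest, routes, addrs=FXP0_ADDRS):
    """Model of the rule described in the reply: pick the interface address
    whose subnet contains the next hop (the destination itself when the
    route is directly attached)."""
    gw = lookup_route(dest, routes)
    next_hop = ipaddress.ip_address(dest) if gw is None else gw
    for ifaddr in addrs:
        if next_hop in ifaddr.network:
            return str(ifaddr.ip)
    # No address shares the next hop's subnet: fall back to the first
    # configured address (an assumption, not documented FreeBSD behaviour).
    return str(addrs[0].ip)


def kernel_source_for(dest, port=53, source=None):
    """Ask the running kernel which source it would use for `dest`.
    connect() on a UDP socket transmits nothing but fixes the route and
    source; getsockname() then reports the address the kernel chose.
    Passing `source` binds explicitly, which is the fix Matt describes."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        if source is not None:
            s.bind((source, 0))
        s.connect((dest, port))
        return s.getsockname()[0]
    finally:
        s.close()


if __name__ == "__main__":
    for dest in ("10.0.0.200", "208.161.114.100", "198.51.100.7"):
        print(dest, "public gw ->", select_source(dest, ROUTES_PUBLIC_GW),
              "| private gw ->", select_source(dest, ROUTES_PRIVATE_GW))
    print("kernel picks for 127.0.0.1:", kernel_source_for("127.0.0.1"))
```

Running the script on a real host prints the model's answer for each destination under both route tables, then what the local kernel actually chooses for loopback; comparing `kernel_source_for` with and without `source` against a real destination is the quickest way to confirm whether a service is leaving with the address you expect.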