Message-Id: <200211282148.gASLmpas025733@sep.oldach.net>
Subject: Multihoming - implementing RFC 1122
To: freebsd-net@freebsd.org
Date: Thu, 28 Nov 2002 22:48:51 +0100 (CET)
From: Helge Oldach

All,

I wonder whether there are plans to complete implementation of the "strong ES" model as described in RFC 1122 for multihoming hosts on FreeBSD.

Essentially this would assure that a multihomed host would send and receive IP packets through the "correct" interface (that is, the physical interface that is configured with the IP address used in the packets).

Currently the incoming part is already present through the net.inet.ip.check_interface sysctl. If enabled, this would drop packets which arrive on an interface with a different IP address than the one of the interface.

But what about the sending side? This appears to be missing. We would need to forward packets not according to the routing table, but according to the source address of the packet (if already defined, otherwise it would be defined through the routing table first).

Is anybody aware of this issue? I personally consider this as beneficial for firewall-type setups. Are there plans to implement it?

Regards,
Helge
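The two halves of the strong ES model described in the message above, as a small user-space model. This is an added example, not FreeBSD kernel code and not part of the original post; the interface names, addresses and the function names `input_accept` and `output_select` are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a multihomed host: two interfaces, one address each. */
struct iface { const char *name; uint32_t addr; };

static const struct iface ifaces[] = {
    { "em0", 0xC0000201u },   /* 192.0.2.1    (constructed) */
    { "em1", 0xC6336401u },   /* 198.51.100.1 (constructed) */
};
#define NIFACES (sizeof(ifaces) / sizeof(ifaces[0]))

/* Input side. Returns 1 to accept, 0 to drop.
 * strong = 0: weak ES, a local address is accepted on any interface.
 * strong = 1: the behaviour the message attributes to
 *             net.inet.ip.check_interface: the destination address must be
 *             configured on the interface the packet arrived on. */
int input_accept(size_t rcv_if, uint32_t dst, int strong)
{
    for (size_t i = 0; i < NIFACES; i++)
        if (ifaces[i].addr == dst)
            return strong ? (i == rcv_if) : 1;
    return 0;                 /* not one of this host's addresses */
}

/* Output side. Returns the index of the outgoing interface.
 * route_if is the interface the routing table lookup selected.
 * strong = 1: a source address that is already set and belongs to a local
 *             interface overrides the routing table, as the message proposes.
 * A source of 0 (not yet chosen) always falls back to the routing table. */
size_t output_select(uint32_t src, size_t route_if, int strong)
{
    if (strong && src != 0)
        for (size_t i = 0; i < NIFACES; i++)
            if (ifaces[i].addr == src)
                return i;
    return route_if;
}

int main(void)
{
    uint32_t em1_addr = ifaces[1].addr;

    /* Packet for em1's address arriving on em0 (index 0). */
    printf("input  weak=%d strong=%d\n",
           input_accept(0, em1_addr, 0), input_accept(0, em1_addr, 1));
    /* Reply sourced from em1's address while the route points at em0. */
    printf("output weak=%s strong=%s\n",
           ifaces[output_select(em1_addr, 0, 0)].name,
           ifaces[output_select(em1_addr, 0, 1)].name);
    return 0;
}
```
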