Date:      Fri, 19 Apr 2002 15:45:56 -0600
From:      Brett Glass <brett@lariat.org>
To:        Terry Lambert <tlambert2@mindspring.com>
Cc:        chat@freebsd.org
Subject:   Re: How to control address used by INADDR_ANY?
Message-ID:  <4.3.2.7.2.20020419152309.035a96d0@nospam.lariat.org>
In-Reply-To: <3CC088D4.F21A3656@mindspring.com>
References:  <4.3.2.7.2.20020419144005.0358c610@nospam.lariat.org>

At 03:15 PM 4/19/2002, Terry Lambert wrote:

>Brett Glass wrote:
>> As best I can tell, the trouble is that when a process running on the
>> router itself opens an outbound socket with INADDR_ANY (which most
>> networked applications do), it picks 10.X.Y.Z as the source address
>> instead of A.B.C.1.
>
>INADDR_ANY means "I don't care".  FreeBSD's "I don't care" is a
>bit different in implementation than Cisco's "I don't care".  8-(.
>
>Since you apparently *do* care, you must bind a specific address
>for outbound connections.

Unfortunately, "you" consists of any application that might be
running on the box. And few, if any, of the standard apps one is 
likely to use in administration offer you the option of specifying 
a source address explicitly. For example, suppose I want to bring
in a patch or some code via anonymous FTP. I can't, because the 
Berkeley FTP client doesn't let you specify a source address.

>> What's the easiest way to specify the address to be used as the source
>> address when an app opens an outbound socket with INADDR_ANY? I'm unclear
>> about how the system is picking it now (I haven't yet found the place in
>> the source where this decision is made), but it seems to be picking
>> 10.X.Y.Z, which of course will not work.
>
>It picks the first address on the first interface on the subnet
>for the destination address in question, 

When the machine is going out to the Internet at large, the
destination isn't on any of those subnets.

>Probably you can make it work by setting the IP address to the
>one for the bridged network, 

I'm not sure I follow. There's no bridged network here.

>and then setting the 10. address
>to be the alias, instead of the bridged address.

The only addresses that are "legal" on the ISP's
internal subnet are 10. addresses, by policy. I
could try something like specifying the address as
127.0.0.2 with the 10. address as an alias.... The
default IPFW rules would keep any packets with a source 
address of 127.0.0.2 from actually leaving the interface.
But this is kinda dicey... and I don't know what the
stack will do. Will apps wind up with sockets that have
127.0.0.2 as a source address?

>Really, this is a bug in the FreeBSD code, in that it is not
>treating the IP address/port pair on the destination as the
>route to choose the "proper" origin address.

Actually, it may just be an omission. Just as we can set a
default gateway, it might be nice to be able to set a default 
IP for outbound sockets. (INADDR_ANY has different semantics when
one is listening, of course, so it's only the outbound case
that we need to worry about.) Or we might be able to set a flag
that disqualifies an interface from having its address(es) used as 
the source address when INADDR_ANY is used. (This is probably done 
for lo0 now. I don't know for sure, but I'll bet that the code
notices the LOOPBACK flag and disqualifies the interface.) The
new flag could be set and viewed via ifconfig.

>Short of rewriting a lot of the stack to reorder the anonymous
>address handling (e.g. to make it work like Cisco equipment
>does), 

There may be a single assignment statement somewhere that could 
be made to grab the address from a sysctl variable. Terry, you 
know the network code better than I.... In what file is INADDR_ANY 
converted into a specific source address? What logic is used to
determine which addresses are suitable?

>it's probably best to just bind outgoing interfaces
>manually, and deal with the netmask in your proxy app.

I won't want to rewrite every application I might use on the
box! Adding a mod to the stack would be easier... unless there's
some way to get the existing code to do The Right Thing.

--Brett
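
The bind-before-connect approach suggested in the quoted reply, as an added example that is not part of the original thread: it compares the source address the kernel picks for an INADDR_ANY socket with one pinned by `bind()`, read back via `getsockname()`. `source_for()` is a hypothetical helper, and the loopback addresses are constructed stand-ins for the thread's A.B.C.1 so the code runs offline.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper. connect() on a UDP socket sends no packets; it only
 * makes the kernel do its route lookup and fix the local address.
 * src == NULL leaves the socket at INADDR_ANY so the kernel chooses.
 * Writes the resulting source address to out; returns 0, or -1 on error. */
int source_for(const char *src, const char *dst, unsigned short port,
               char *out, socklen_t outlen)
{
    struct sockaddr_in local, remote;
    socklen_t len = sizeof(local);
    int rc = -1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;

    memset(&local, 0, sizeof(local));      /* port 0 = ephemeral port */
    local.sin_family = AF_INET;
    /* Pinning fails (EADDRNOTAVAIL) if src is not configured on this host. */
    if (src != NULL && (inet_pton(AF_INET, src, &local.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&local, sizeof(local)) < 0))
        goto done;

    memset(&remote, 0, sizeof(remote));
    remote.sin_family = AF_INET;
    remote.sin_port = htons(port);
    if (inet_pton(AF_INET, dst, &remote.sin_addr) != 1 ||
        connect(fd, (struct sockaddr *)&remote, sizeof(remote)) < 0)
        goto done;

    /* Read back the address that will appear as the packet source. */
    if (getsockname(fd, (struct sockaddr *)&local, &len) == 0 &&
        inet_ntop(AF_INET, &local.sin_addr, out, outlen) != NULL)
        rc = 0;
done:
    close(fd);
    return rc;
}

int main(void)
{
    char a[INET_ADDRSTRLEN] = "?", b[INET_ADDRSTRLEN] = "?";
    source_for(NULL, "127.0.0.1", 9, a, sizeof(a));        /* kernel picks */
    source_for("127.0.0.1", "127.0.0.1", 9, b, sizeof(b)); /* pinned */
    printf("kernel-chosen: %s  pinned: %s\n", a, b);
    return 0;
}
```

Calling `source_for(NULL, ...)` with an off-subnet destination on a multi-homed host shows which address the stack would put on the wire without sending any traffic.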