socket / bind - specific address

Edwin Groothuis edwin at mavetju.org
Sat Feb 25 14:26:39 PST 2006


On Sat, Feb 25, 2006 at 08:47:00AM -0500, Chuck Swiger wrote:
> Edwin Groothuis wrote:
> > The situation is as follows:
> > 
> > We have a couple of FreeBSD routers, with RFC1918 addresses on the
> > ethernets and a public address on the loopback. This works fine for
> > connecting to the routers, but is problematic for locally originated
> > outgoing traffic (think NTP, think syslog): it takes the IP address
> > of the outgoing interface, which is the RFC1918 address.
> 
> You're giving lo0 a public IP?  Why?

So that it's always reachable. The machines are routers (i.e. one
or more LAN interfaces, one or more WAN interfaces). If one WAN
interface is down, traffic will follow a different path. The loopback
interface is always up, so it's always reachable.

> If you want to reach the box via a public IP and are using 1-to-1 NAT
> translation to deliver the traffic to one of your NICs using unroutable RFC-1918
> addresses, why not configure that NIC to also have the public IP, too?

> The IP used for locally originated traffic should be governed by the address
> specified in the bind() call; if you want that to be different, normally you
> configure the associated software being run to use something else.

Yes, but what if the software doesn't support it? Like I said, I could
try a jail but I wonder what kind of limitations that brings on
what the software can do. For example, does xntpd work inside a
jail, does snmpd work inside a jail, etc.

> I don't know how to override the default the kernel hands you if you leave the
> decision up to it, short of crafting the packets yourself or using some external
> capability like NAT to re-write the addresses being used.

Problem is that the incoming interface doesn't need to match the
outgoing interface, and that confuses ipnat (been there, done that,
forced the route) and it causes other problems.

Edwin
-- 
Edwin Groothuis      |            Personal website: http://www.mavetju.org
edwin at mavetju.org    |          Weblog: http://weblog.barnet.com.au/edwin/
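The bind() behaviour Chuck describes, as an added example that is not part of this thread: a UDP sender either lets the kernel pick the outgoing interface's address or binds a specific local address first, and getsockname() after connect() shows which address the datagrams will carry. The function name udp_source_addr and the addresses used are my own constructed values, not anything from the poster's routers.

```c
/* Added example (not from the thread): bind() fixes the source address of
 * locally originated UDP traffic, the way an NTP or syslog daemon would have
 * to in order to use the public address on lo0.  Addresses in the comments
 * and tests are constructed, not the poster's network. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Report the source address the kernel will put on datagrams from a UDP
 * socket to dst:port.  With src == NULL the kernel picks the outgoing
 * interface's address (the RFC1918 one in the poster's setup); with src set
 * the socket is bound to that address first, which only succeeds if it is
 * configured on some interface (e.g. lo0), else bind() fails EADDRNOTAVAIL.
 * Returns 0 and fills out with the dotted quad, or -1 with errno set. */
int udp_source_addr(const char *src, const char *dst, unsigned short port,
                    char *out, size_t outlen)
{
    struct sockaddr_in sa;
    socklen_t salen = sizeof sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    if (src != NULL) {
        memset(&sa, 0, sizeof sa);
        sa.sin_family = AF_INET;
        sa.sin_port = 0;            /* any local port, but this local address */
        if (inet_pton(AF_INET, src, &sa.sin_addr) != 1 ||
            bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0)
            goto fail;
    }
    /* connect() on a UDP socket sends nothing: it records the peer and runs
     * the route lookup that performs source address selection. */
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, dst, &sa.sin_addr) != 1 ||
        connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0)
        goto fail;
    /* getsockname() now shows the address the kernel chose or we forced. */
    if (getsockname(fd, (struct sockaddr *)&sa, &salen) < 0 ||
        inet_ntop(AF_INET, &sa.sin_addr, out, outlen) == NULL)
        goto fail;
    close(fd);
    return 0;
fail:
    { int e = errno; close(fd); errno = e; return -1; }
}
```

Software that exposes no "bind address" option never reaches the bind() branch, which is exactly the gap the thread is about.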