[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ip aliasing, virtual interfaces and incorrect source addresses...



Here is what I'm thinking, route would be setup like so...
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0

Then when the alias is set up, dose that change the localnet route to point at eth0:0?
I can't reproduce any thing like that on my setup 2.6.0-test9-1-386.

--- Tarragon Allen <lists@n12turbo.com> wrote:
> > --- Tarragon Allen <lists@n12turbo.com> wrote:
> > > On Wednesday 24 December 2003 08:23, Matthew Whitworth wrote:
> > > > I have a host (eth0 = 10.0.30.251) to which I recently added a virtual
> > > > interface (eth0:0 = 10.0.30.249).  Now all  traffic that originates
> > > > from this host has the source address of eth0:0, which is causing some
> > > > problems with a firewall that I don't control.
> > >
> > > Annoying isn't it?
> > >
> > > Try setting the second IP address as an alias on the *loopback* adapter,
> > > ie: lo:0. Use a bitmask of 255.255.255.255 otherwise strange things may
> > > happen. This should force the system to only use the "real" address for
> > > outgoing requests, but it will still accept connections to the aliases
> > > address.
> 
> On Wednesday 24 December 2003 10:28, Mike Mestnik wrote:
> > Has this problem been reported to the linux kernel ppl?  Has it been fixed?
> > It might also help to mention what versions are affected.
> >
> > mike
> 
> Yes, it's known about. I think the general response would be that it's up to 
> the userspace program, not the kernel, to decide what IP to bind to. If the 
> userspace doesn't care, then the kernel will pick one, usually the same 
> subnet IP if the destination is directly accessible, or the closest IP to the 
> gateway.
> 
> It's not a problem per se.
> 
> t
> -- 
> GPG: http://n12turbo.com/tarragon/public.key
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 


__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/



Reply to: