Richard B. Johnson wrote:
> On Thu, 5 Dec 2002, Tomas Szepe wrote:
>>I'm not interested in rewriting the source address with netfilter based
>>on destination and/or service; What I'm looking for is rather a way to
>>initiate two connections to the same destination host using the two
>>different source IP addresses.
>>
>
>
> The simple answer is that if you need a specific IP address
> associated with a "multi-homed" host, that has only one interface,
> then something is broken. And you get to keep the pieces.
> The IP addresses assigned to a multi-homed host are the addresses
> to which it will respond during ARP. The ARP (Address Resolution
> Protocol) you remember, is the protocol used to get the "hardware"
> or IEEE station address of the interface.
>
> Any IP protocol will properly work with any IP address embedded in
> the packet from the interface that responded to the ARP.
>
> However, the IP address inside the data-gram will usually be
> the IP address of the interface that first sent that packet.
> The IP address used is the address of the interface that met
> the necessary criteria for getting the data-gram onto the wire.
> In other words, the net-mask and the network address are the
> determining factors. If you have two or more IP addresses that
> are capable of putting the data-gram on the wire, the first one,
> i.e., the address used to initialize the interface first, will
> be the one that is used in out-going packets.

You may be able to influence this with policy-based routing and
the arp-filter code.

>
> Since you don't bind a socket to a specific IP address when
> initiating connections, you can't choose what IP address will
> be used for those connections. However, when setting up
> a server that will accept connections, you bind that socket
> to both an IP address and a port. Therefore, a server can
> be created that accepts connections only to a specific IP
> address of a multi-homed host.

You certainly can bind to a specific IP and/or port when initiating
a connection. You can use the local IP to do source-based routing.
I have not done exactly the thing described here, but I have done
similar things, certainly binding to ports & ips on both server
and initiator side of an IP connection.

> There is no RightWay(tm) because any attempt to choose a specific
> IP to on the wire from a machine that has only one interface, but
> is multi-homed, is broken at the start. However, you can choose where

I think you presume too much about what other people might consider
broken or not. :)

--
Ben Greear <greearb@candelatech.com> <Ben_Greear AT excite.com>
President of Candela Technologies Inc http://www.candelatech.com
ScryMUD: http://scry.wanfear.com http://scry.wanfear.com/~greear
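
Binding the local address before connect(), the initiator-side technique the reply above describes, as an added example that is not part of the original thread. The names `connect_from` and `source_seen_by_server` are hypothetical, and the loopback addresses are constructed test values (assumption: a Linux host, where every 127.0.0.0/8 address is local).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Build a sockaddr_in from dotted-quad text; port is in host byte order. */
static int make_addr(struct sockaddr_in *sa, const char *ip, unsigned short port) {
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Open a TCP connection to dst whose source address is src_ip; fd or -1. */
int connect_from(const char *src_ip, const char *dst_ip, unsigned short dst_port) {
    struct sockaddr_in src, dst;
    int fd;
    if (make_addr(&src, src_ip, 0) || make_addr(&dst, dst_ip, dst_port) ||
        (fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    /* bind() before connect() pins the local IP; port 0 lets the kernel pick.
     * bind() fails (EADDRNOTAVAIL) if src_ip is not configured on this host. */
    if (bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0 ||
        connect(fd, (struct sockaddr *)&dst, sizeof(dst)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Loopback check: copy the source IP a 127.0.0.1 listener sees into seen. */
int source_seen_by_server(const char *src_ip, char *seen, socklen_t seen_len) {
    struct sockaddr_in srv, peer;
    socklen_t len = sizeof(srv);
    int c = -1, a = -1, rc = -1, ls = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0) return -1;
    if (make_addr(&srv, "127.0.0.1", 0) == 0 &&
        bind(ls, (struct sockaddr *)&srv, sizeof(srv)) == 0 && listen(ls, 1) == 0 &&
        getsockname(ls, (struct sockaddr *)&srv, &len) == 0 &&
        (c = connect_from(src_ip, "127.0.0.1", ntohs(srv.sin_port))) >= 0) {
        len = sizeof(peer);
        a = accept(ls, (struct sockaddr *)&peer, &len);
        if (a >= 0 && inet_ntop(AF_INET, &peer.sin_addr, seen, seen_len)) rc = 0;
    }
    if (a >= 0) close(a);
    if (c >= 0) close(c);
    close(ls);
    return rc;
}
```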
This archive was generated by hypermail 2b29 : Sat Dec 07 2002 - 22:00:25 EST