Outgoing IP address on logical interfaces.

Post by Kyle Tuck » Sun, 24 Mar 2002 00:27:04



Hi,

Can Solaris 8 be configured such that packets coming into
a logical interface, go back out appearing to be from that same one?
I have a single Solaris 8 system with 2 IP addresses under logical
interfaces, hme0 and hme0:1. I have two Apache 1.3.23 proxy servers,
each bound to the separate IPs of these with BindAddress. However,
both proxy servers appear on remote servers to be making requests
from the primary interface only. Can I override this behavior and
make each proxy appear to come from the IP address it is bound to?
I have also set the IPs in the Listen directives as well to no
avail. The reason I want this behavior is so access to remote hosts
can be based on the proxy server through which one has authorization
to work. I asked this in comp.infosystems.www.servers.unix and got
no response.

Thanks.

--
- Kyle

 
 
 

Post by Barry Margoli » Sun, 24 Mar 2002 04:48:38




> Can Solaris 8 be configured such that packets coming into
> a logical interface, go back out appearing to be from that same one?

On a TCP connection, outgoing packets are guaranteed to have a source
address matching the destination of the incoming packets.  This is a
requirement of the protocol, as this is how the remote machine relays the
replies to the proper connection.

> I have a single Solaris 8 system with 2 IP addresses under logical
> interfaces, hme0 and hme0:1. I have two Apache 1.3.23 proxy servers,
> each bound to the separate IPs of these with BindAddress. However,
> both proxy servers appear on remote servers to be making requests
> from the primary interface only.

You seem to be talking about something else here.  If it's a proxy server,
the outbound requests are not part of the same connection as the incoming
messages.

> Can I override this behavior and
> make each proxy appear to come from the IP address it is bound to?

There's no way for the OS to do this automatically.  Just because a process
happens to be listening for incoming connections on a particular address
doesn't mean that when it should make outgoing connections it should use
that address.  The incoming and outgoing connections are totally unrelated,
as far as the OS and TCP/IP stack are concerned (consider the case where
the machine has two real interfaces, and the incoming connection comes from
the LAN, while the outgoing connection is going to the Internet).

So if this is possible, it would have to be a configuration option in the
proxy software.  I suggest you post your question in a group applicable to
that software (comp.infosystems.www.servers.unix seems like the right place
to ask about Apache).

--

Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
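
The distinction drawn in the reply above, as an added example that is not part of the original posts: the source address of an outgoing connection follows the listening address only if the application calls bind() on the outgoing socket before connect(). The function name and the use of 127.0.0.2 as a stand-in for the second logical address are assumptions; it relies on a Linux-style loopback where all of 127.0.0.0/8 is local, and on the poster's system the address would be the one on hme0:1.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Build an IPv4 sockaddr; port 0 lets the kernel pick an ephemeral port. */
static struct sockaddr_in make_addr(const char *ip, unsigned short port) {
    struct sockaddr_in a = {0};
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    inet_pton(AF_INET, ip, &a.sin_addr);
    return a;
}

/* Connect to a throwaway origin on 127.0.0.1 and return the source address
 * that origin sees (network byte order, 0 on error). */
in_addr_t source_seen_by_origin(const char *src_ip) {
    struct sockaddr_in origin = make_addr("127.0.0.1", 0), peer, src;
    socklen_t len = sizeof origin;
    in_addr_t seen = 0;
    int lsn = socket(AF_INET, SOCK_STREAM, 0);
    int out = socket(AF_INET, SOCK_STREAM, 0), conn = -1;
    if (lsn < 0 || out < 0) goto done;
    if (bind(lsn, (struct sockaddr *)&origin, sizeof origin) < 0) goto done;
    if (listen(lsn, 1) < 0) goto done;
    if (getsockname(lsn, (struct sockaddr *)&origin, &len) < 0) goto done;
    if (src_ip) {   /* explicit source: bind() before connect() */
        src = make_addr(src_ip, 0);
        if (bind(out, (struct sockaddr *)&src, sizeof src) < 0) goto done;
    }               /* otherwise the kernel picks the source from the route */
    if (connect(out, (struct sockaddr *)&origin, sizeof origin) < 0) goto done;
    len = sizeof peer;
    conn = accept(lsn, (struct sockaddr *)&peer, &len);
    if (conn >= 0) seen = peer.sin_addr.s_addr;
done:
    if (conn >= 0) close(conn);
    if (out >= 0) close(out);
    if (lsn >= 0) close(lsn);
    return seen;
}

int main(void) {
    struct in_addr a = { source_seen_by_origin(NULL) };
    printf("no bind():       origin sees %s\n", inet_ntoa(a));
    a.s_addr = source_seen_by_origin("127.0.0.2");  /* constructed alias */
    printf("bind(127.0.0.2): origin sees %s\n", inet_ntoa(a));
    return 0;
}
```

For address-based access control on the remote side, the address to check is the one the remote host logs as the peer, which is what this function returns.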

 
 
 

1. Host primary interface address as source address in IP header

I'm running kernel 2.0.32 from Redhat 5.0. I have my Linux box with both
a serial port out to a permanent modem link and an ethernet to my
internal LAN.

The ppp is configured with the IP address allocated by the ISP
(139.x.y.z), and I've configured the ethernet with an IP address from my
allocated class C subnet. All is happy, my LAN can gateway through to the
'net, everybody out on the net can get back (yes, I know, the firewall
happens next week :-)).

Anyway, the problem is when I telnet/ftp/other from the Linux box
*itself* to the net. The source address in the IP packets has the address
of the ppp port, not the address reported by gethostbyname. This makes it
difficult for our office (for example) to allow me in by IP address,
because the IP address is something that the DNS refers back to my ISP,
rather than my allocated address.

Anyway, long and involved story, but it caused me to start grovelling
around in the networking source (it was also an excuse to start hacking
Linux). I worked my way through connect() and found ip_my_addr() in
net/ipv4/devinet.c. This allocated the loopback address (127.0.0.1) to
the source address of an outgoing IP packet. Later, ip_build_header in
net/ipv4/ip_output.c replaces the loopback address with either the source
address of the route or the interface address of the outgoing port.

I hesitate greatly before saying that this is wrong, but I would have
thought that the first address returned from gethostbyname(hostname()) is
what should be in the source IP address of the packet.

Am I off the beaten track, totally confused, got it all wrong, or <gasp>
found a bug?

Ron
