On Jan 30, 2008 3:17 AM, Adrian Knoth <adi_at_[hidden]> wrote:
> As mentioned earlier: it's very common to have multiple addresses per
> interface, and it's the kernel who assigns the source address, so
> there's nothing one could say about an incoming connection. Only that it
> could be any of all exported addresses. Any.
This is only partially correct. Yes, by default the Linux kernel will
fill in the IP header with any of the IP addresses associated with
the machine, regardless of which NIC the packet will be sent on.
It was a never-ending debate on the Linux Kernel Mailing List as to
what was the right way to do things... are IP addresses "owned" by
the machine, or are they "owned" by the NIC? The kernel defaults
to the former definition (which is contrary to pretty much every
other OS on the planet... but the relevant RFCs left both interpretations
open). Anyway, there are ways to configure the networking stack of
the Linux kernel to get the other behavior, so that a packet will be
guaranteed to have one of the IP addresses associated with the NIC
that it uses for egress.
See Documentation/networking/ip-sysctl.txt in your Linux Kernel sources
for a description of these relevant options:
arp_filter, arp_announce, arp_ignore
which are accessed on a live system here:
I guess if I put in the time, I could create a FAQ entry about it,
and what values to use... though I am not familiar with any
equivalent IPv6 settings (or if any exist).
Tim Mattox, Ph.D. - http://homepage.mac.com/tmattox/
tmattox_at_[hidden] || timattox_at_[hidden]
I'm a bright... http://www.the-brights.net/
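
An added example, not part of the original message: a shell sketch that reports the effective arp_filter, arp_announce and arp_ignore setting for each interface, so you can check whether a host follows the "owned by the machine" or "owned by the NIC" behavior discussed above. Assumptions: the per-interface files live under /proc/sys/net/ipv4/conf/<iface>/, and the `all` entry combines with each interface the way ip-sysctl.txt describes (arp_filter is on if either is set; arp_announce and arp_ignore use the larger value). The function names and the sample tree are hypothetical.

```shell
#!/bin/sh
# Assumed location of the per-interface settings on a live system.
CONF_ROOT_DEFAULT=/proc/sys/net/ipv4/conf

read_val() {  # read_val FILE -> value in FILE, or 0 when the file is absent
    if [ -r "$1" ]; then cat "$1"; else echo 0; fi
}

max() { if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi; }

# effective_arp IFACE [CONF_ROOT]
# Combines conf/all with conf/IFACE: arp_filter is a boolean OR,
# arp_announce and arp_ignore take the maximum of the two values.
effective_arp() {
    iface=$1
    root=${2:-$CONF_ROOT_DEFAULT}
    out=""
    for key in arp_filter arp_announce arp_ignore; do
        a=$(read_val "$root/all/$key")
        i=$(read_val "$root/$iface/$key")
        v=$(max "$a" "$i")
        if [ "$key" = arp_filter ] && [ "$v" -gt 0 ]; then v=1; fi
        out="$out$key=$v "
    done
    echo "${out% }"
}

# report_arp [CONF_ROOT]: one line per real interface (skips all/default).
report_arp() {
    root=${1:-$CONF_ROOT_DEFAULT}
    for d in "$root"/*/; do
        iface=$(basename "$d")
        case $iface in all|default) continue ;; esac
        echo "$iface: $(effective_arp "$iface" "$root")"
    done
}

# Constructed sample tree (not real system state) for trying this offline.
make_sample() {
    t=$(mktemp -d)
    mkdir -p "$t/all" "$t/default" "$t/eth0" "$t/eth1"
    echo 0 > "$t/all/arp_filter"; echo 2 > "$t/all/arp_announce"
    echo 0 > "$t/all/arp_ignore"
    echo 1 > "$t/eth0/arp_filter"; echo 0 > "$t/eth0/arp_announce"
    echo 1 > "$t/eth0/arp_ignore"
    echo "$t"
}
```

Calling `report_arp` with no argument reads the live system; passing the directory printed by `make_sample` reads the constructed tree instead.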