On a machine with multiple interfaces, is it possible to set the default
outgoing IP address to something other than the address for the interface
on the outgoing route?
For instance, a machine acts as a gateway, with addresses A and B, where A
faces the world (but isn't in DNS) and B is the canonical address.
Outgoing connections from the machine should appear to come from B.
--
"Love the dolphins," she advised him. "Write by W.A.S.T.E.."
In article <[email protected]>,
Oliver Xymoron <[email protected]> wrote:
>On a machine with multiple interfaces, is it possible to set the default
>outgoing IP address to something other than the address for the interface
>on the outgoing route?
ip route add default via IP.OF.GATE.WAY dev DEVICE src SOURCE.IP.ADDR.ESS
Mike.
--
"Only two things are infinite, the universe and human stupidity,
and I'm not sure about the former" -- Albert Einstein.
On Mon, 26 Nov 2001, Oliver Xymoron wrote:
> On a machine with multiple interfaces, is it possible to set the default
> outgoing IP address to something other than the address for the interface
> on the outgoing route?
>
> For instance, a machine acts as a gateway, with addresses A and B, where A
> faces the world (but isn't in DNS) and B is the canonical address.
> Outgoing connections from the machine should appear to come from B.
If you mean having multiple IP addresses on the same NIC, sure you can do
that, see the section on DNAT in iptables. However, if you have multiple
NICs, you do not want to send a packet from one which has the IP of the
other, as your router is very likely to become confused and get its ARP
table in a twist.
You can force packets out one NIC or the other, usually using iproute, but
I don't think that's what you have in mind, is it? In any case, doable.
--
bill davidsen <[email protected]>
CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.
On Tue, 27 Nov 2001, Bill Davidsen wrote:
> On Mon, 26 Nov 2001, Oliver Xymoron wrote:
>
> > On a machine with multiple interfaces, is it possible to set the default
> > outgoing IP address to something other than the address for the interface
> > on the outgoing route?
> >
> > For instance, a machine acts as a gateway, with addresses A and B, where A
> > faces the world (but isn't in DNS) and B is the canonical address.
> > Outgoing connections from the machine should appear to come from B.
>
> If you mean having multiple IP addresses on the same NIC, sure you can do
> that, see the section on DNAT in iptables. However, if you have multiple
> NICs, you do not want to send a packet from one which has the IP of the
> other, as your router is very likely to become confused and get its ARP
> table in a twist.
>
> You can force packets out one NIC or the other, usually using iproute, but
> I don't think that's what you have in mind, is it? In any case, doable.
I have a host which has canonical address foo, which also happens to be a
gateway. Foo happens to be on the local side of the gateway, so when
initiating connections, they appear to be from the gateway interface
address, bar. This is inconvenient because bar is an address on a network
I don't have DNS authority over, etc., so it'd be nice if outgoing
connections by default would appear to come from foo.
I'll take a look at iproute.
--
"Love the dolphins," she advised him. "Write by W.A.S.T.E.."
On Tue, 27 Nov 2001, Oliver Xymoron wrote:
> I have a host which has canonical address foo, which also happens to be a
> gateway. Foo happens to be on the local side of the gateway, so when
> initiating connections, they appear to be from the gateway interface
> address, bar. This is inconvenient because bar is an address on a network
> I don't have DNS authority over, etc., so it'd be nice if outgoing
> connections by default would appear to come from foo.
This should do the trick, or something similar. It changes the default
route to prefer another source address if none is set through a bind(2)
call.
ip route chg default via $DEF_GW dev $OUTSIDE_DEV src $MY_CANOICAL_SRC
A variation of this (for a slightly different purpose) is used by me.
Peter
--
Peter Svensson ! Pgp key available by finger, fingerprint:
<[email protected]> ! 8A E9 20 98 C1 FF 43 E3 07 FD B9 0A 80 72 70 AF
------------------------------------------------------------------------
Remember, Luke, your source will be with you... always...
On Tue, 27 Nov 2001, Peter Svensson wrote:
> On Tue, 27 Nov 2001, Oliver Xymoron wrote:
>
> > I have a host which has canonical address foo, which also happens to be a
> > gateway. Foo happens to be on the local side of the gateway, so when
> > initiating connections, they appear to be from the gateway interface
> > address, bar. This is inconvenient because bar is an address on a network
> > I don't have DNS authority over, etc., so it'd be nice if outgoing
> > connections by default would appear to come from foo.
>
> This should do the trick, or something similar. It changes the default
> route to prefer another source address if none is set through a bind(2)
> call.
>
> ip route chg default via $DEF_GW dev $OUTSIDE_DEV src $MY_CANOICAL_SRC
>
> A variation of this (for a slightly different purpose) is used by me.
Figured that out myself about 10 minutes ago. Thanks.
--
"Love the dolphins," she advised him. "Write by W.A.S.T.E.."
On Tue, 27 Nov 2001, Bill Davidsen wrote:
> On Mon, 26 Nov 2001, Oliver Xymoron wrote:
>
> > On a machine with multiple interfaces, is it possible to set the default
> > outgoing IP address to something other than the address for the interface
> > on the outgoing route?
Yes.
ip route add 10.1.1.0/24 via 192.168.1.1 src 172.16.1.1
^^^
The src parameter tells the routing code to use this address when sending
packets. The address only needs to be on the system. IE:
ip addr add 172.16.1.1/32 dev dummy0
And send the packets out of eth0.
> > For instance, a machine acts as a gateway, with addresses A and B, where A
> > faces the world (but isn't in DNS) and B is the canonical address.
> > Outgoing connections from the machine should appear to come from B.
>
> If you mean having multiple IP addresses on the same NIC, sure you can do
> that, see the section on DNAT in iptables. However, if you have multiple
> NICs, you do not want to send a packet from one which has the IP of the
> other, as your router is very likely to become confused and get its ARP
> table in a twist.
No need for DNAT. Just routing.
> You can force packets out one NIC or the other, usually using iproute, but
> I don't think that's what you have in mind, is it? In any case, doable.
>
> --
> bill davidsen <[email protected]>
> CTO, TMR Associates, Inc
> Doing interesting things with little computers since 1979.
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
--------------------------------------------------
Matthew G. Marsh, President
Paktronix Systems LLC
1506 North 59th Street
Omaha NE 68104
Phone: (402) 932-7250 x101
Email: [email protected]
WWW: http://www.paktronix.com
--------------------------------------------------