Hello,

On Jan 30, 2008 3:17 AM, Adrian Knoth <a...@drcomp.erfurt.thur.de> wrote:
[snip]
> As mentioned earlier: it's very common to have multiple addresses per
> interface, and it's the kernel who assigns the source address, so
> there's nothing one could say about an incoming connection. Only that it
> could be any of all exported addresses. Any.
>
This is only partially correct. Yes, by default the Linux kernel will
fill in the IP header with any of the IP addresses associated with the
machine, regardless of which NIC the packet will be sent on. It was a
never-ending debate on the Linux Kernel Mailing list as to what was the
right way to do things... are IP addresses "owned" by the machine, or
are they "owned" by the NIC? The kernel defaults to the former
definition (which is contrary to pretty much every other OS on the
planet... but the relevant RFCs left both interpretations open).

Anyway, there are ways to configure the networking stack of the Linux
kernel to get the other behavior, so that a packet will be guaranteed
to have one of the IP addresses associated with the NIC that it uses
for egress. See Documentation/networking/ip-sysctl.txt in your Linux
Kernel sources for a description of these relevant options:
  arp_filter, arp_announce, arp_ignore
which are accessed on a live system here:
  /proc/sys/net/ipv4/conf/all/

I guess if I put in the time, I could create a FAQ entry about it, and
what values to use... though I am not familiar with any equivalent IPv6
settings (or if any exist).

--
Tim Mattox, Ph.D. - http://homepage.mac.com/tmattox/
 tmat...@gmail.com || timat...@open-mpi.org
 I'm a bright... http://www.the-brights.net/
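
Added example (not part of the original message, and not Open MPI or kernel code): shell functions that report the effective value of the three options named above for one interface, using the combination rules given in ip-sysctl.txt (arp_filter is enabled if either conf/all or the interface enables it; arp_announce and arp_ignore take the larger of the two values). The function names, the optional conf-root argument and the sample tree are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original message. Function names and the
# conf-root argument are assumptions made for illustration.

# effective_arp KEY IFACE [CONF_ROOT] -> prints the value the kernel applies
effective_arp() {
    key=$1; iface=$2; root=${3:-/proc/sys/net/ipv4/conf}
    case $key in
        arp_filter|arp_announce|arp_ignore) ;;
        *) echo "unsupported key: $key" >&2; return 2 ;;
    esac
    if [ ! -r "$root/all/$key" ] || [ ! -r "$root/$iface/$key" ]; then
        echo "cannot read $key for $iface under $root" >&2; return 1
    fi
    all=$(cat "$root/all/$key"); own=$(cat "$root/$iface/$key")
    if [ "$key" = arp_filter ]; then
        # Boolean: enabled when conf/all OR the interface enables it.
        if [ "$all" -ne 0 ] || [ "$own" -ne 0 ]; then echo 1; else echo 0; fi
    elif [ "$all" -gt "$own" ]; then
        echo "$all"   # arp_announce / arp_ignore: the larger value wins
    else
        echo "$own"
    fi
}

# report_arp IFACE [CONF_ROOT] -> one "iface key=value" line per option
report_arp() {
    r_if=$1; r_root=${2:-/proc/sys/net/ipv4/conf}
    for k in arp_filter arp_announce arp_ignore; do
        v=$(effective_arp "$k" "$r_if" "$r_root") || return 1
        printf '%s %s=%s\n' "$r_if" "$k" "$v"
    done
}

# Constructed sample tree (not captured from a real host).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/all" "$d/eth0"
    echo 0 > "$d/all/arp_filter";   echo 1 > "$d/eth0/arp_filter"
    echo 2 > "$d/all/arp_announce"; echo 0 > "$d/eth0/arp_announce"
    echo 0 > "$d/all/arp_ignore";   echo 1 > "$d/eth0/arp_ignore"
    echo "$d"
}

sample=$(make_sample_tree) && { report_arp eth0 "$sample"; rm -rf "$sample"; }
```

On a live system, call report_arp with a real interface name and no second argument to read /proc/sys/net/ipv4/conf/ directly.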