> Maybe you missed this part, but you were stating that you see
> packets with an origin that equals the nexthop of your default
> route. Maybe a typo of yours, but generally speaking, if you do
> an `ip r g <ip of origin>` you will see what source address will
> be used for an unbound UDP socket.

Hmm, so maybe I mixed up similar problems. So I try to reformulate my problem:

Let's look only at IPv4 now. There is one Linux box used as router on a network.

eth0 connected to the internet:
    inet addr:157.161.34.64  Bcast:157.161.39.255  Mask:255.255.248.0

eth1 connected to a LAN:
    inet addr:157.161.57.1  Bcast:157.161.57.31  Mask:255.255.255.224

Of course all DNS names point to 157.161.57.1, as this is the 'main' interface. In fact 157.161.34.64 is a DHCP address that could potentially change, so there is no point in using it anywhere.

Now what I see is that DNS queries, time queries etc. addressed from anywhere on the internet (not on my own LAN) to 157.161.57.1 get answered by 157.161.34.64, because those daemons bind to the 'any' interface and this is the shorter route.

BIND can be configured not to bind to eth1, but not snmpd and ntpd, and potentially many other tools.

The clients drop the answer from that unexpected address, probably because they suspect they're spoofed.

How can I prevent this? My favourite would be something like a generic 'do not bind here' switch for eth1 :-)

Regards

--
Benoît Panizzon, <bp@xxxxxx>
------------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP          Phone: +41 61 826 93 00
Zurlindenstrasse 29                 Fax:   +41 61 826 93 01
CH-4133 Pratteln                    Net:   http://www.imp.ch/
------------------------------------------------------------------------
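The behaviour described in the post (a daemon bound to 0.0.0.0 answers from whatever source address the routing table prefers for the reply, not from the address the client actually queried) can be reproduced on a single host over loopback, and the application-level fix BIND uses (learn the packet's destination with IP_PKTINFO and send the reply from that address) can be shown next to it. The script below is an added example, not code from the thread; it assumes Linux (IP_PKTINFO is Linux-specific, value 8 in <linux/in.h>), a loopback interface that accepts all of 127.0.0.0/8, and uses 127.0.0.2 as a stand-in for the "published" address 157.161.57.1 and 127.0.0.1 as the stand-in for the address the kernel prefers on its own. The query bytes are constructed.

```python
"""Reply-source selection for a UDP daemon bound to the 'any' address.

Added example (not from the original thread). Linux only.
Constructed scenario: a client sends to the "published" address 127.0.0.2;
with a plain sendto() the unbound server socket answers from 127.0.0.1, the
kernel's preferred source for the loopback route, which is the symptom from
the post. With IP_PKTINFO the daemon replies from the address it was queried on.
"""
import socket
import struct

# IP_PKTINFO is 8 on Linux; older Python builds may not export the constant.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
# struct in_pktinfo { int ipi_ifindex; struct in_addr ipi_spec_dst; struct in_addr ipi_addr; }
PKTINFO_FMT = "i4s4s"
PKTINFO_LEN = struct.calcsize(PKTINFO_FMT)

PUBLISHED_ADDR = "127.0.0.2"   # assumed stand-in for the address in DNS (157.161.57.1 in the post)
CLIENT_ADDR = "127.0.0.1"      # assumed stand-in for the kernel's preferred source
QUERY = b"constructed query"   # constructed payload, not a real protocol message


def destination_from_ancdata(ancdata):
    """Return the IPv4 header destination address carried in an IP_PKTINFO cmsg, or None."""
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, _spec_dst, hdr_dst = struct.unpack(PKTINFO_FMT, cdata[:PKTINFO_LEN])
            return socket.inet_ntoa(hdr_dst)
    return None


def run_exchange(fix_source):
    """One query/reply round trip.

    Returns (address_the_client_queried_as_seen_by_the_server, source_of_the_reply_as_seen_by_the_client).
    fix_source=False reproduces the problem; fix_source=True applies the IP_PKTINFO fix.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.bind(("0.0.0.0", 0))            # bound to 'any', like snmpd/ntpd in the post
        port = server.getsockname()[1]
        # Ask the kernel to tell us which local address each datagram was sent to.
        server.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)

        client.bind((CLIENT_ADDR, 0))
        client.settimeout(2)
        client.sendto(QUERY, (PUBLISHED_ADDR, port))

        data, ancdata, _flags, peer = server.recvmsg(1500, socket.CMSG_SPACE(PKTINFO_LEN))
        queried_addr = destination_from_ancdata(ancdata)
        reply = b"reply:" + data

        if fix_source and queried_addr is not None:
            # ipi_spec_dst set on send makes the kernel use it as the source address,
            # so the answer leaves from the address the client asked, not the route's default.
            pktinfo = struct.pack(PKTINFO_FMT, 0, socket.inet_aton(queried_addr), b"\0" * 4)
            server.sendmsg([reply], [(socket.IPPROTO_IP, IP_PKTINFO, pktinfo)], 0, peer)
        else:
            # Plain sendto() from an unbound socket: the routing table picks the source.
            server.sendto(reply, peer)

        _reply, reply_src = client.recvfrom(1500)
        return queried_addr, reply_src[0]
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    for fix in (False, True):
        asked, answered_from = run_exchange(fix)
        print(f"fix_source={fix}: client asked {asked}, reply came from {answered_from}")
```

The "broken" run shows the mismatch a strict client (a DNS resolver, an NTP client comparing reply source to request destination) would reject; the fixed run answers from the queried address. For daemons that cannot be patched, the same effect can be had at the routing layer by attaching a preferred source to the route the replies take, e.g. `ip route change default via <gateway> dev eth0 src 157.161.57.1` (the `src` hint is what `ip r g` in the quoted reply reports); this assumes, as the post implies, that 157.161.57.1 is reachable from the internet through eth0. Note the caveat: the route `src` only influences sockets that have not bound a specific address, and it does not help a daemon that replies from a different socket than the one it received on.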