Re: incorrect source address for local TCP connections?

Frank van Maarseveen wrote:
> On Fri, Jul 13, 2007 at 12:00:32PM -0400, Brian Haley wrote:
>> Frank van Maarseveen wrote:
>>> But I think this is a symptom rather than the cause. It is from a cache
>>> after all. I tried flushing routes + adding various src= routes to both
>>> devices but the problem persists: apparently the src= is ignored for
>>> traffic to a secondary IP address of the same box.
>> Well, looking in the kernel code, it does seem to prefer the same address if they're both local, just like IPv6 does. I'd call it a "feature".
>
> Stephen called it a feature too. It's not that important for me but
> for the sake of the argument. Why is it a feature? Are there any compelling
> examples why this is necessary?
>
> Sure there must be a reason for ignoring src= in applicable routes,
> breaking IP address based virtualisation in my (probably arbitrary)
> case. Calling it a feature because it is in the code is not really
> convincing me.

I have often called it a bug, because it allows mapping of addresses behind a firewall by default, but David Miller (IIRC) says the standard allows it to work that way. Note, allows not requires, and most other operating systems don't seem to do it that way.

However, I don't see the problem on incoming connections, only on outgoing connections. Those can be addressed by using SNAT to set the IP as it should be. I do it by having a little user defined table called at several places from the mangle table.

See the "multiple default routes" thread, I have a similar problem, and as far as I can see src= neither sets the source IP nor acts as a selector. I set and use MARK to get the routing to work (and it does).

--
bill davidsen <davidsen@xxxxxxx>
 CTO TMR Associates, Inc
 Doing interesting things with small computers since 1979
