Subject: Re: "default" outgoing address
To: None <tech-kern@netbsd.org>
From: Greg A. Woods <woods@most.weird.com>
List: tech-kern
Date: 02/04/1999 15:50:44 
(shouldn't this be discussed on tech-net instead of tech-kern?)

[ On , February 3, 1999 at 22:00:57 (-0800), Michael Graff wrote: ]
> Subject: "default" outgoing address
>
> I'd like to commit this soon, if noone has serious objections.
> Please comment.  :)
> 
> In my environment at home and where my primary flame.org machines
> live, each machine has a physical IP address (which by and large is
> not reachable from the outside world) and a number of aliases.  These
> aliases are reachable to the outside world.
> 
> The physical address of one machine for instance is
> kechara.rc.vix.com, with an ifalias of kechara.flame.org.  I really
> want all outgoing connections (unless bound to a specific port) to
> originate from the alias, not the real interface address.

Sounds OK to me though I also like Paul Goyette's idea:

	sysctl -w net.inet.ip.<ifname>.srcaddr=NNN.NNN.NNN.NNN

perhaps with the addition that if explicit ifname srcaddr's are not set
then a "global" one would be chosen instead, if it's set.

	sysctl -w net.inet.ip.srcaddr=NNN.NNN.NNN.NNN # global

My question is why you set things up this way in the first place.  Just
to make life difficult?  Why not just reverse the addresses and make the
un-reachable one(s) aliases?

Also, what about the case where an interface is used to share two or
more networks with a single physical connection?  Say, for example, I
have a port with 192.168.1.1 as it's initial physical address and
10.1.1.1 as an alias.  In this case I'd like to make the source address
be set based on either the destination address for incoming connections,
or the closest match for outgoing connections.  I think Paul Vixie
posted a patch somewhere once upon a time to do something close to this.
Would this not make more sense to use in your situation?

(Of course your proposal can easily stand on its own merit -- though
I think it's only practical purpose is to give people too much rope!  ;-)

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>