netbsd-users: Odd problem with ifconfig aliases

Subject: Odd problem with ifconfig aliases
To: None <netbsd-users@netbsd.org>
From: Lasse =?iso-8859-1?Q?Hiller=F8e?= Petersen <lhp@toft-hp.dk>
List: netbsd-users
Date: 02/21/2001 21:41:42
I have an ADSL connection with an ISP-configured router. This router
translates traffic to my IP-address into various private 192.168.1.x
addresses, depending on the protocol. SMTP goes to 192.168.1.2, and HTTP
goes to 192.168.1.3. Changing this is rather expensive.

I have successfully had my server configured with the following
/etc/ifconfig.rtk0 file:
inet 192.168.1.3 netmask 0xffffff00 media autoselect
inet 192.168.1.2 netmask 0xffffff00 alias

This worked fine for HTTP and SMTP, from the outside, as well as from the
inside.

In order to have names locally, I have set up named on the server
(unreachable from the outside, of course), with two A records for my domain
name, toft-hp.dk, for 192.168.1.2 and 192.168.1.3.

This has also worked fine. The server always answers connections from my
client machine correctly, be it POP, SSH, FTP, HTTP, SMTP.

However, I have tried setting up OpenLDAP v2.0.7, and this seemed to be
problematic. Apparantly it will only listen on one address on one network,
so despite starting slapd with -h ldap://192.168.1.2/ ldap://192.168.1.3/
explicitly; every other ldap connection failed. (named by default returns
adresses in a round-robin fashion, it seems.)

If I set up slapd to only listen on the alias, the connection seems to come
up halfway or something, if I try an ldapsearch -h 192.168.1.2. The
non-alias address, 192.168.1.3 succeeds.

This also seems to be the case for other services, I found out.
If I from the server itself try to telnet to port 25, I get through fine if
I use 192.168.1.3, but if I use the aliased address, I never get a
connection, it just sits there indefinitely. I *can* get an SMTP connection
on 192.168.1.2 from my client machine, however. (That's why I got surprised
when LDAP didn't work in that situation.)

So this is not an issue with LDAP, but an issue with IP-aliases. Probably
this is a known (except to me) issue with aliases on the same network, and
most likely there are good reasons why this is so. However I have not been
able to find any documentation of this. The manpage for ifconfig does not
mention any problems that would make an alias work different than the
"real" address, but perhaps this has never occured to anyone, given the
example in the manpage. However, I think my "abuse" of this feature is
valid, and although I can work around the problem, it would have been nice
if it were documented in the ifconfig manpage.

At least that's what I think. But before I file a PR or write a patch to
the manpage, I'd like to hear from other people. Perhaps it's just me being
stupid. If so, by all means let me know!

-Lasse