Once upon a time, Ed Brown <[EMAIL PROTECTED]> said:
> Chris Adams wrote:
> >Once upon a time, Ed Brown <[EMAIL PROTECTED]> said:
> >>With all due respect, this is crazy talk. ;-) It's circular logic,
> >>or something. When a dns reply (or http reply, or echo reply, etc) is
> >>queued for delivery, it does not HAVE a source address.
> >
> >A reply almost always does (because it is a reply on an existing socket,
> >which is associated with a single local address). Outgoing requests
> >typically just bind to INADDR_ANY, but some software (such as IIRC BIND)
> >bind to each address individually.
>
> Daniel's problem is that DNS replies to requests that come in one
> interface (the one lacking a default route), are being returned from a
> different interface. How does that fit with what you say here?

Sorry, I hadn't been following the thread closely. IIRC there is no
portable way for software to override the routing decision and force
packets out a particular interface. There is a Linux extension that
allows this (I don't remember what it is, but I remember modifying
software to use it about 10 years ago); it allows software to bind a
socket to a particular interface (instead of just address).

> My basic contention here is that policy routing is for routers. It
> can't help Daniel, it can't help anyone with multi-homed server
> routing issues. Am I wrong?

Linux can do routing based on source addresses with "ip rule" and the
routing policy database. I haven't done this myself (and don't have a
test bed I could try it on at the moment), but based on looking at the
list archives though, I would suggest something like:

    ip route add default table 10 via 120.207.10.1 dev eth0
    ip route add default table 20 via 120.207.17.1 dev eth2
    ip rule add from 120.207.7.245/32 table 10
    ip rule add from 120.207.17.22/32 table 20
    ip route flush cache

See "man ip" for more information.
-- 
Chris Adams <[EMAIL PROTECTED]>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
