Re: Source IP confusion

2004-02-17 Thread Jez Hancock
On Tue, Feb 17, 2004 at 02:05:38PM +, Wayne Pascoe wrote:
> The problem I'm having is forcing that application to use its alias for
> outbound connections. Even though the local_interfaces in exim is set to
> 192.168.1.3, when it connects to a machine to deliver mail, that
> connection comes from 192.168.1.2.

Have a look at section 13.7 of the exim spec - 13.7 Delivering to a
remote host:

13.7 Delivering to a remote host

Delivery to a remote host is handled by the smtp transport. By default, it
allows the system's TCP/IP functions to choose which interface to use (if
there is more than one) when connecting to a remote host. However, the
"interface" option can be set to specify which interface is used. See the
description of the smtp transport in chapter 30 for more details.

Section 30 details the use of the 'interface' option to specify which
network interface should be used when delivering mail in your exim smtp
transport:

interface    Type: string list*    Default: unset

This option specifies which interface to bind to when making an outgoing
SMTP call. The variables $host and $host_address refer to the host to
which a connection is about to be made during the expansion of the string.
Forced expansion failure, or an empty string result causes the option to
be ignored. Otherwise, after expansion, the string must be a colon-
separated list of IP addresses, for example:

  interface = <; 192.168.123.123 ; 3ffe::836f::fe86:a061

The first interface of the correct type (IPv4 or IPv6) is used for the
outgoing connection. If none of them are the correct type, the option is
ignored. If "interface" is not set, or is ignored, the system's IP
functions choose which interface to use if the host has more than one.

Given this, if you add:

interface = 192.168.0.3

to your smtp transport, perhaps this will solve the problem.

I'm not too sure about named, but presumably there is something similar.

Good luck.

-- 
Jez Hancock
 - System Administrator / PHP Developer

http://munk.nu/
http://jez.hancock-family.com/  - Another FreeBSD Diary
http://ipfwstats.sf.net/ - ipfw peruser traffic logging
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
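
The behaviour discussed in this thread, as an added example that is not part of the original messages: a listening socket bound to an alias has no effect on the source address of outbound connections, and only an explicit bind before connect (what the quoted "interface" option is described as doing) pins it. The loopback addresses 127.0.0.1 and 127.0.0.2 are constructed stand-ins for the primary address and the alias, and the function names are hypothetical.

```python
import socket

PRIMARY = "127.0.0.1"  # constructed stand-in for the primary address (192.168.1.2)
ALIAS = "127.0.0.2"    # constructed stand-in for the alias (192.168.1.3)
# Assumption: both addresses are configured on the loopback interface. On
# systems where only 127.0.0.1 is configured, add 127.0.0.2 to it first.


def listener(addr):
    """Return a TCP socket listening on addr with a kernel-chosen port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((addr, 0))
    s.listen(4)
    s.settimeout(5)
    return s


def source_seen_by_peer(peer, bind_to=None):
    """Connect to the listening socket `peer` and return the source IP that
    the peer (and any firewall in front of it) sees on the connection."""
    out = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if bind_to is not None:
            # Explicit bind before connect pins the source address.
            # Port 0 lets the kernel pick an ephemeral source port.
            out.bind((bind_to, 0))
        # Without a bind, the kernel chooses the source address at connect time.
        out.connect(peer.getsockname())
        conn, (src_ip, _src_port) = peer.accept()
        conn.close()
        return src_ip
    finally:
        out.close()


def demo():
    remote = listener(PRIMARY)  # stands in for the remote mail host
    inbound = listener(ALIAS)   # the daemon's own listener, alias only
    try:
        return {
            "unbound": source_seen_by_peer(remote),
            "bound_to_alias": source_seen_by_peer(remote, bind_to=ALIAS),
        }
    finally:
        remote.close()
        inbound.close()


if __name__ == "__main__":
    for case, src in demo().items():
        print(f"{case}: peer saw source {src}")
```

A firewall rule keyed on the alias only matches the second case, which is why the listener setting alone did not help.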


Source IP confusion

2004-02-17 Thread Wayne Pascoe
Hi all,

I'm trying to set up firewalling for some machines, but I'm having some
problems with services on aliases. 

I'll use 192.168.1.2 as the primary address and 192.168.1.3 as the alias
for this example.

I have applications like exim and bind, listening on 192.168.1.3 (an
alias on a machine). They are only listening on the alias and on
127.0.0.1. They are NOT listening on 192.168.1.2 (the main IP Address).

The problem I'm having is forcing that application to use its alias for
outbound connections. Even though the local_interfaces in exim is set to
192.168.1.3, when it connects to a machine to deliver mail, that
connection comes from 192.168.1.2.

This makes firewalling a bit of a pain, because I can't say 'Only allow
port 25 traffic from the mail alias' - I have to allow it from the
machine primary IP. 

Can anyone explain why this is and also if there is a way (without
reverting to jails) of getting my applications to use an outgoing
connection?

Regards,

-- 
Wayne Pascoe
Bury me deep when there's no will to be
better than you! - Metallica