On Wed, Oct 27, 2004 at 08:19:03AM +0200, BlueStar88 wrote:
No, don't drop them, just label them, on the source node. Then, on the router, make sure the labelled packets only go to the desired interface. Likewise make sure that the listenPort is only accessible from that interface.
Humm... i'm thinking about some mangeling/alteration of those packets. I do not have much experiences with iptables, but i'll find out!!!
If you are running the firewall on a separate machine then the node will only have one address on eth0..
I'm not running a separate machine..
Because that is how TCP/IP works, unless you explicitly bind an address.eth0 123.123.123.123 eth0:1 123.123.123.124 eth0:2 123.123.123.125
In the example above it would use all of the three ips, to initiate outgoing connections. I don't know why.
Freenet has no way to know which address is preferred and in fact most
people will want it to use all 3 addresses.
Why they should? IP separation is to *separate* something, like the usage/apllication and special routing, thought.
Using separate IPs for the same application on the same network segment make no real sense to me!? Humm... thinking... okay, the only use would be on multiple segments on one interface.. to serve different subnets. Yes, you're right.
The use of multiple ip's of the same segment in the same segment is the thing with less sense ;-)
But that would make it looks like three different hosts acting with one node-identity.
True, we don't properly support multi-homing yet.
So i *have to* prevent using different ip's to use freenet properly. Okay, i'll do my best.
Is there a way to make the node using only one address!? Or is there generally no way to avoid the use of multiple virtual addresses on outgoing connections?
You ought to be able to make it work with the firewall rules. If you can't, then you can hack the source. If you want me to do it that's fine but you need to donate $100 to the project and give me a shell where I can test it.
Yes, okay. Additionally i wasn't aware of that dimension to implement ip bounding. Thought there is anything like a change from 0.0.0.0 to a user changeable ip. Just one string/variable operation and another token in the config......
Generally ip bounding is a basic function, thought. Almost all basic services on linux are boundable.
Ahm... $100? I'm supporting freenet already in some ways, but don't mind..
There are much more important things to do on freenet, to get it to a basic reliable and really cool service, so i can wait for sure, if there is a change at a time, that makes my firewall config needless ;-)
_______________________________________________ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
