[387] in linux-net channel archive


Re: Feature/hack for multi-homed hosts (esp. ifconfig alias)

daemon@ATHENA.MIT.EDU (Ian Jackson)
Sun May 28 15:18:58 1995

Date: Sun, 28 May 95 01:47 BST
From: iwj10@cus.cam.ac.uk (Ian Jackson)
To: linux-net@vger.rutgers.edu
Cc: Eric Packman <eric@micro.org>, rdr@legislate.com (Raul Miller),
        Arnt Gulbrandsen <agulbra@troll.no>,
        Peter.Anvin@linux.org (H. Peter Anvin)
In-Reply-To: <Pine.3.89.9505271609.A16466-0100000@amoeba>

Raul Miller writes ("Re: Feature/hack for multi-homed hosts (esp. ifconfig alias)"):
> Eric Packman:
>    So what is so bad about accepting an incoming TCP connection on all
>    ports? Obviously, I have missed something.  Feel free to fill me in. :)
>
> I can think of two potential issues, perhaps both of them spurious.
>
> (1) when originating (rather than listening) choice of ip address may
> be significant.
>
> (2) In some circumstances it might be nice to not provide certain
> services on all interfaces.  [e.g. when there's some concept of a
> "local" or "privileged" subnet.]

Indeed - both are good examples.  In general it seems to be becoming
more and more the case that people want to provide several different
services on the one machine - after all, this is claimed to be one of
the great advantages of Unix.

However, often these different services want to listen on the standard
port numbers - hence the desire to use features like `ifconfig alias'.

What you're trying to do is to make one physical box with one kernel,
process table, set of user accounts, &c, present several different
`faces' to the world.  To do this you need to be able to tell a wide
variety of different programs which IP# (`face') to use.

Arnt Gulbrandsen writes ("Re: Feature/hack for multi-homed hosts (esp. ifconfig alias)"):
> For active opens, I think the routing table is the correct way to select
> interface.  Is there anything the routing table can't be used for?

This is no good, because the same `target' may need to be the
destination of outgoing connections from different local interfaces.

For example, suppose my machine is hosting two different mail domains,
which for political reasons need to appear to be completely separate.
I can run two SMTP listeners, &c, but I also need to make sure that
outgoing messages come from the right IP# (and have the right HELO
string).

> For incoming connections, I think inetd.conf is the best place to put all
> this. [...]

I agree that inetd should be modified.  However, that doesn't solve
all the problems.  There are many other services that listen on ports
but are not run from inetd.  On my own system I can see:

tcp        0      0 *:nntp                 *:*                    LISTEN        root
tcp        0      0 *:6000                 *:*                    LISTEN        root
tcp        0      0 *:1107                 *:*                    LISTEN        root
tcp        0      0 *:1098                 *:*                    LISTEN        root
tcp        0      0 *:domain               *:*                    LISTEN        root
tcp        0      0 *:printer              *:*                    LISTEN        root
udp        0      0 *:xdmcp                *:*
udp        0      0 *:domain               *:*
udp        0      0 localhost:domain       *:*
udp        0      0 chiark:domain          *:*
udp        0      0 *:syslog               *:*

I have deleted the ones managed by inetd.  On some systems there would
also be an SMTP server and an httpd.

Even net-Doom has this problem (as I mentioned earlier): a housemate
and I wanted to try deathmatch Doom at home, but couldn't because -
though we have several X servers in the house - we do not have more
than one Linux system.  OK, fixing Doom so as not to require a
specific port would be a better solution - but what chance do we have
of getting that done?  Here a way to get the C library to do what we
wanted would have solved our problem.

Now, I really don't fancy modifying all of INN, xdm, named, lpd,
syslogd, &c &c &c.

H. Peter Anvin writes ("Re: Feature/hack for multi-homed hosts (esp. ifconfig alias)"):
> This isn't a problem, at least not IMHO.  In fact, this is *exactly*
> what the program wants - bind to all existing IP local addresses.

What I'm saying is that it's not always what the system administrator
wants, and sie should have the opportunity of *saying* what sie wants.

> This is most frequently requested for httpd, and there *are* properly
> modified versions of httpd (Apache, for example).  One program,
> however, which probably should be modified is inetd, for obvious reasons.

Indeed.  However, this doesn't solve the general problem.

Ian.
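
The two cases discussed in this message (a listener bound to one `face' rather than the wildcard, and an outgoing connection whose source address is chosen by the program), as an added example that is not part of the original message. It assumes Linux, where all of 127.0.0.0/8 is local, and uses 127.0.0.1 and 127.0.0.2 as constructed stand-ins for two aliased addresses; the function names are made up for illustration.

```python
import socket

# Constructed stand-ins for two aliased addresses ("faces") of one host.
# Assumption: Linux, where every 127.0.0.0/8 address is local to the box.
FACE_A, FACE_B = "127.0.0.1", "127.0.0.2"


def listen_on(addr, port=0):
    """Passive open on one local address rather than the wildcard."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((addr, port))  # port 0: the kernel picks a free port
    s.listen(4)
    return s


def connect_from(src, dst, port):
    """Active open with a chosen source address: bind() before connect()."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((src, 0))  # fixes the source IP instead of deriving it from the route
    s.connect((dst, port))
    return s


def demo():
    a = listen_on(FACE_A)
    port = a.getsockname()[1]
    b = listen_on(FACE_B, port)  # same port on the other face: no clash
    try:
        listen_on("0.0.0.0", port).close()  # wildcard overlaps both faces
        wildcard_conflict = False
    except OSError:
        wildcard_conflict = True
    sources_seen = []
    for src in (FACE_A, FACE_B):  # one destination, two local sources
        c = connect_from(src, FACE_A, port)
        conn, peer = a.accept()
        sources_seen.append(peer[0])
        conn.close()
        c.close()
    c = connect_from(FACE_A, FACE_B, port)  # addressed to face B only
    conn, _ = b.accept()
    served_by = conn.getsockname()[0]
    for s in (conn, c, a, b):
        s.close()
    return {"wildcard_conflict": wildcard_conflict,
            "sources_seen": sources_seen, "served_by": served_by}


if __name__ == "__main__":
    print(demo())
```

A daemon that binds the wildcard, like those in the listing above, takes the port on every address at once, which is why the wildcard bind fails here while the two per-address listeners coexist.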
