Can't bind client to local IP, another IP is used silently

0 votes
1 answer
47 views
Due to a firewall on a server, I need to make all connections to it from a host (Slackware64 Linux 14.2, kernel 5.4) using an allowed source IP, **10.2.23.1** in this case.

IP addresses on the host:

```
$ ip a
[...]
6: eth0: mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0d:b9:55:c1:c8 brd ff:ff:ff:ff:ff:ff
    inet 10.2.22.7/28 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20d:b9ff:fe55:c1c8/64 scope link
       valid_lft forever preferred_lft forever
7: eth1: mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0d:b9:55:c1:c9 brd ff:ff:ff:ff:ff:ff
    inet 10.10.16.166/30 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20d:b9ff:fe55:c1c9/64 scope link
       valid_lft forever preferred_lft forever
8: eth2: mtu 1500 qdisc htb state UP group default qlen 1000
    link/ether 00:0d:b9:55:c1:ca brd ff:ff:ff:ff:ff:ff
    inet 10.2.23.1/24 scope global eth2
       valid_lft forever preferred_lft forever
    inet 10.247.226.186/32 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::20d:b9ff:fe55:c1ca/64 scope link
       valid_lft forever preferred_lft forever
[...]
```

For example, using SSH, I want to connect to 10.0.4.16 from local IP 10.2.23.1:

```
$ ssh -b 10.2.23.1 admin@10.0.4.16
```

The connection fails, because ssh uses 10.247.226.186 as the source IP, not 10.2.23.1 as it should (confirmed with tcpdump), and that isn't allowed on the server. Of course I could allow another IP on the server, but I want to know **WHY** it doesn't work.

I also wrote a simple C program confirming this (really only socket, bind to 10.2.23.1 and connect to ... anywhere in fact). The program runs, no errors from the bind function, but the source IP is always 10.247.226.186.

Does anyone have any clue why all connections use **the other IP** on eth2? Could the /32 netmask be the problem?

Thank you.

EDIT: Added the host OS.
Asked by ico (1 rep)
Dec 15, 2023, 04:40 PM
Last activity: Dec 16, 2023, 12:42 PM
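
A check that a bind-and-connect test program like the one described in the question can make, given here as an added example (not the poster's program): after `bind()` and `connect()`, `getsockname()` returns the local address the kernel holds for the socket. If that still equals the bound address while tcpdump shows a different source, the address is being changed after the packet leaves the socket layer rather than by the socket ignoring `bind()`. The helper name `check_bound_source` is hypothetical.

```c
/* Added example, not the poster's program; check_bound_source() is a hypothetical name. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind to src_ip, connect to dst_ip:dst_port, then read back the local
 * address the kernel holds for the socket into actual.
 * Returns 1 if it equals src_ip, 0 if it differs, -1 on any error. */
int check_bound_source(const char *src_ip, const char *dst_ip,
                       unsigned short dst_port, char *actual, size_t len)
{
    struct sockaddr_in src, dst, got;
    socklen_t got_len = sizeof(got);
    int rc = -1;

    memset(&src, 0, sizeof(src));
    memset(&dst, 0, sizeof(dst));
    src.sin_family = dst.sin_family = AF_INET;
    dst.sin_port = htons(dst_port);      /* src.sin_port stays 0: any port */
    if (inet_pton(AF_INET, src_ip, &src.sin_addr) != 1 ||
        inet_pton(AF_INET, dst_ip, &dst.sin_addr) != 1)
        return -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&src, sizeof(src)) == 0 &&
        connect(fd, (struct sockaddr *)&dst, sizeof(dst)) == 0 &&
        getsockname(fd, (struct sockaddr *)&got, &got_len) == 0 &&
        inet_ntop(AF_INET, &got.sin_addr, actual, (socklen_t)len) != NULL)
        rc = (got.sin_addr.s_addr == src.sin_addr.s_addr);
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    char actual[INET_ADDRSTRLEN] = "";
    if (argc != 4) {
        fprintf(stderr, "usage: %s SRC_IP DST_IP PORT\n", argv[0]);
        return 2;
    }
    int rc = check_bound_source(argv[1], argv[2],
                                (unsigned short)atoi(argv[3]), actual, sizeof(actual));
    printf("requested %s, kernel reports %s (rc=%d)\n", argv[1], actual, rc);
    return rc == 1 ? 0 : 1;
}
```

Run it with the same source and destination as the failing `ssh -b` attempt and compare its output with the tcpdump capture taken on the outgoing interface.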