Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[rsd]

This is a Must have feature.

This is intended to be a followup to the thread: http://forum.amule.org/thread.php?threadid=3575&sid=&hilight=bind

Imaging the situation:

- 2 eth interfaces;
- 1 interface has a expansive link used as default route (e.g. a T1)
- 1 interface has a cheap link (e.g. ADSL)

So, if I want to use amule with the cheap link I can't, because the default route points to the expansive link.

Every decent network application has a way to specify with interface (or address) you want to bind to, but amule.

If the trouble is adding this option in the preferences and the fear to break stuff out, why not just add a command line option to specify the interface?

Something like: $ amule --bind-interface=eth1

I think lots of people would appreciate this.


Regards,

Raul Dias

[phoenix]

rsd,

It is on the way, will probably be on 2.0.0 final.

Cheers!

[lfroen]

rsd: please, search the forum for my previous explanation on this issue. I have explained it 3 times at least. Short answer no, it doesn't work this way. Use iptables instead.

phoenix: same answer - no way, too os dependant; iptables can do just fine

[phoenix]

lfroen,

This has been discussed, bind to an interface is possible, choose the route is not possible. He pointed us to that thread, remember? What is the problem of choosing an interface to listen? Just set the address to something different from 0.0.0.0. ANd hopefully to some number belonging to one of your interfaces. Am I missing something?

Cheers!

[lfroen]

phoenix: yes, you do missing something. Binding to specific interface IS possible, but almost useless. Why useless ? Becouse being very user-unfriendly, impossible to do automatically, and can be easy replaced by proper iptables configuration.
Also note, that you can't bind to 2 interfaces say, out of total 3. It is either 1 or all (or have CListenSocket + CUdpSocket per interface).

To all those who request this feature: you talking about not-trivial thing. Go RTFM + "what is routing about" + "iptables HOWTO" before posting. Thank you.

[phoenix]

Well, it seems like I still miss something. I know it is one or all. But hey, the man wants to bind to a specific interface. So be it! It can't be done automatically, so what? He must tell which interface. Incomming traffic will go through the interface he specifies. That might just be enough. Outgoing traffic is another story.

The one problem I see, but you did not mention is that a client connect to a socket on a certain IP and receive a reply on another IP, and that packet, by default linux kernel configuration, will be dropped. *This* is a reason not to do it. Although some machines can be configured not to drop, but as this is a non-default cofiguration on the other client, that makes the one interface binding pointless.

Maybe now I found what I missed.

rsd, it seems like we won't do it anymore, unless you can convince me, and worst, convince lfroen

Cheers!

[lfroen]

but you did not mention is that a client connect to a socket on a certain IP and receive a reply on another IP

That is not client, but router configuration. But to reach this situation you need to tweak your routing tables and kernel params. It's really not recommended unless you 100% understand what are you doing.

"Binding to interface" is sometimes usefull feature (say for security) but it's biggest problem is inability  automatically discover all system interfaces and thus prone to configuration errors.

[phoenix]

Originally posted by lfroen
That is not client, but router configuration. But to reach this situation you need to tweak your routing tables and kernel params. It's really not recommended unless you 100% understand what are you doing.

Suppose you are aMule #1 and wants to connecto to aMule #2 in my machine. I am bound to an interface that is not my default gateway, no tweaking in routing tables. You send me a SYN to the IP of my bound interface. I send you an ACK with the IP of my default gateway. What happens to my ACK when it reaches your machine?

Cheers!

[lfroen]

What happens to my ACK when it reaches your machine?

That a point I trying to make: ACK will not reach your machine. If you sending from intrface with address A packet with source IP = B, most probably router will drop it. Most routers will, 'cause they think that you "spoofing source IP". I suggest you to read "TCP/IP illustrated" or "Routing Internet 2nd edition". Those are really good source of info on this subject.

[phoenix]

Originally posted by lfroen
That a point I trying to make: ACK will not reach your machine.

No, pay attention to the example I gave you. ACK is generated at *my* machine, *you* are starting the connection. ACK does reach your machine. But you will drop it because the IP address won't match.

Originally posted by lfroen
If you sending from intrface with address A packet with source IP = B, most probably router will drop it. Most routers will, 'cause they think that you "spoofing source IP".

I am not doing this. I am not sending a packet though the wrong interface, nor am I forging IP. Routers won't notice anything wrong, because there is nothing wrong. The packet will go through the normal kernel routing and will go out through the default interface, as usual. This is actually a technique used in asymetric network connections using satelite for downlink and phone for uplink. There is usually a kind of NAT on the uplink at the ISP to so that the outgoing address of the packet is rewritten to be your downlink IP address.

Originally posted by lfroen
 I suggest you to read "TCP/IP illustrated" or "Routing Internet 2nd edition". Those are really good source of info on this subject.

The first one is really nice, the second one I still did not have the opportunity to read, thanks for the suggestion! I'll try to find one in the library.

[lfroen]

phoenix: please you pay attention to technical details of example that you gave:

You have 2 interfaces: A, and B. default gateway is befind A.

I am bound to an interface that is not my default

This mean you bind on interface B.

You send me a SYN to the IP of my bound interface.

My address is C and I send you SYN packet with src=C and dst=B (your bound interface)

I send you an ACK with the IP of my default gateway.

Now let's analyze this. Destination IP of ACK is C, and source is B - that's how TCP stack works. But you sending it thru your default gateway, which is behind interface A (see above).
Now what we have? Packet with SIP=B sent thru interface, with address A. That's called spoofing. Rest you already know.

[phoenix]

lfroen,

You are right, I thought the packet would leave my machine with the IP address of the interface through which it was routed. But routing occurrs after the packet is assembled, so it leaves the TCP stack with destination IP address equal to the original sender IP address. The router will probably drop the packet because of IP spoofing.

Thanks for the patience! No kidding.

Cheers!