Item 1: Cause daemons to use a specific IP address to source communications
Origin: Bill Moran <[EMAIL PROTECTED]>
Date: 18 Dec 2006
Status:
What: Cause Bacula daemons (dir, fd, sd) to always use the ip address
specified in the [DIR|DF|SD]Addr directive as the source IP
for initiating communication.
Why: On complex networks, as well as extremely secure networks, it's
not unusual to have multiple possible routes through the network.
Often, each of these routes is secured by different policies
(effectively, firewalls allow or deny different traffic depending
on the source address)
Unfortunately, it can sometimes be difficult or impossible to
represent this in a system routing table, as the result is
excessive subnetting that quickly exhausts available IP space.
The best available workaround is to provide multiple IPs to
a single machine that are all on the same subnet. In order
for this to work properly, applications must support the ability
to bind outgoing connections to a specified address, otherwise
the operating system will always choose the first IP that
matches the required route.
Notes: Many other programs support this. For example, the following
can be configured in BIND:
query-source address 10.0.0.1;
transfer-source 10.0.0.2;
Which means queries from this server will always come from
10.0.0.1 and zone transfers will always originate from
10.0.0.2.
--
Bill Moran
Collaborative Fusion Inc.
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
