On Sun, Jun 21, 2020 at 5:20 PM Stuart Henderson <s...@spacehopper.org> wrote:
>
> IIRC "local" isn't enough, some packets are still sent on the bound
> 0.0.0.0, the kernel chooses the source address (based on the local
> interface address in the route to the destination) and it can be
> the wrong address for the other side.
I believe that is what I saw. The passive side received packets on the alias address, but when it sent replies they went out the main address instead. I'm getting a /29 via the cable modem, which has some extra ports, and in some cases my OpenBSD firewalls also have extra ports, so instead of bringing all 5 addresses into one port, maybe configuring a different interface with one of the aliases as its only address could work, but I believe it would need to be in a different rdomain. Which may be, in the end, a more elegant solution. Is there any appreciable overhead using domains like this? Thanks!
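The layout described above (a spare physical port carrying a single address from the /29 in its own routing domain, so the kernel's source-address selection for that service can only pick that address), written out as OpenBSD hostname.if(5) and pf.conf(5) fragments. This is an added example, not configuration from anyone in this thread: the interface name em1, the routing domain number 1, the address block 203.0.113.0/29 with gateway 203.0.113.1, and the daemon name are all assumptions standing in for the poster's real values.

```conf
# /etc/hostname.em1 (assumed interface name) -- the second port on the
# firewall. Placing it in rdomain 1 gives it its own routing table, so the
# only local address the kernel can choose as a source inside that domain
# is the one configured here. Address and gateway are made-up examples
# from the 203.0.113.0/29 documentation range.
rdomain 1
inet 203.0.113.3 255.255.255.248
!route -T 1 add -inet default 203.0.113.1

# /etc/pf.conf fragment -- filter rules are matched per routing domain,
# so traffic for the alias is selected with "on rdomain 1" rather than by
# interface. Port 22 is an assumed example service.
pass in on rdomain 1 proto tcp to 203.0.113.3 port 22 keep state
pass out on rdomain 1 keep state

# Starting the daemon inside the routing domain (run from a shell, not part
# of the file above). <daemon> is a placeholder for the service whose
# replies have to leave from the alias address; either form works:
#   rcctl set <daemon> rtable 1 && rcctl restart <daemon>
#   route -T 1 exec <daemon>
# Check the result with:
#   route -T 1 -n show -inet
#   netstat -T 1 -an -f inet
```

The check worth doing after bringing this up is the last two commands: the rdomain 1 table should contain only em1's connected route and the default via 203.0.113.1, and the listening socket should appear in the rdomain 1 table rather than the default one. If the daemon still shows up in rdomain 0, replies will again be sourced from the main address, which is exactly the symptom described in the thread.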