Article delegate-en/1658 of [1-5169] on the server localhost:119
[Reference:<_A1657@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Bind zu specific Interface for outgoing Traffic
30 May 2002 06:00:29 GMT feedback@delegate.org (Yutaka Sato)


On 05/29/02(21:07) you Thomas Börnert <ppedabdyi-p5lznxo2vbxr.ml@ml.delegate.org> wrote
in <Pine.LNX.4.33.0205291359240.10000-00000X@obelix.intra.tbits.net>
 |I'm using delegated on a firewall with a freeswan vpn tunnel.
 |I've 3 Interfaces : eth0 (internal), eth1 (external) ipsec0 (vpn).
 |I'll bind delegated to eth0 and it should send all data
 |with this source address of eth0 over the vpn to the other locations.
 |Sendmail can do that for example. If I do this with delegated already

Could you tell me how sendmail is configured to do so?

 |the address from the interface ipsec0 will be used, because the
 |traffic will be routed through the interface ipsec0.
 |
 |the delegated command:
 |delegated -P192.168.73.1:123/udp SERVER=udprelay://192.168.118.40:123 /
 |          SRCIF="192.168.73.1:*:*192.168.118.40:192.168.73.1" /
 |          LOGFILE="/var/log/delegate"
 |
 |I'll use the delegated on the firewall as proxy for the ntp protocol
 |(network-time-protocol)

I see.  You are so right to think you can use SRCIF to make DeleGate
bind the source address.  I've not implemented referring to SRCIF in
udprelay yet; I'll make it as the enclosed patch.
I'm not sure of the configuration of your interfaces, but I think just

 SRCIF=192.168.73.1

will do if it is the address of "ipsec0".

Cheers,
Yutaka
--
  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan

*** ../delegate7.9.5/src/udprelay.c	Mon Mar  4 15:46:54 2002
--- udprelay.c	Thu May 30 14:32:45 2002
***************
*** 108,114 ****
  	return service_permitted0(clhost,clport,"udprelay",svhost,svport);
  }
  
! static UDP_Assoc *newUA(uav,clhost,clport,svhost,svport)
  	UDP_Assoc *uav[];
  	char *clhost,*svhost;
  {	int ux;
--- 108,115 ----
  	return service_permitted0(clhost,clport,"udprelay",svhost,svport);
  }
  
! static UDP_Assoc *newUA(Conn,uav,clhost,clport,svhost,svport)
! 	Connection *Conn;
  	UDP_Assoc *uav[];
  	char *clhost,*svhost;
  {	int ux;
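Review bot: newUA() remains an old-style (K&R) definition after Conn is prepended to its parameter list, so a call that still passes the old five arguments is not rejected by the compiler and would hand uav to the function as Conn. Only one call site is updated in this patch; please confirm there are no other callers in udprelay.c, or give newUA() a prototype so that an argument mismatch fails at compile time.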
***************
*** 116,131 ****
  	int svsock;
  	int rcode;
  	char msg[128];
  
  	if( !permitted(clhost,clport,svhost,svport) )
  		return NULL;
  
! 	svsock = server_open("UDPRELAY",NULL,0,-1);
  	if( svsock < 0 ){
  		ux = longestIdle(uav);
  		sv1log("push out longest idle 1 [%d]\n",ux);
  		delUA(uav,ux,"NoMoreSocket",1);
! 		svsock = server_open("UDPRELAY",NULL,0,-1);
  		if( svsock < 0 )
  			return NULL;
  	}
--- 117,140 ----
  	int svsock;
  	int rcode;
  	char msg[128];
+ 	char lhost[256];
+ 	int lport;
  
  	if( !permitted(clhost,clport,svhost,svport) )
  		return NULL;
  
! 	strcpy(lhost,"*");
! 	lport = 0;
! 	SRCIFfor(Conn,"udprelay",svhost,svport,lhost,&lport);
! 	if( strcmp(lhost,"*") == 0 )
! 		lhost[0] = 0;
! 
! 	svsock = server_open("UDPRELAY",lhost,lport,-1);
  	if( svsock < 0 ){
  		ux = longestIdle(uav);
  		sv1log("push out longest idle 1 [%d]\n",ux);
  		delUA(uav,ux,"NoMoreSocket",1);
! 		svsock = server_open("UDPRELAY",lhost,lport,-1);
  		if( svsock < 0 )
  			return NULL;
  	}
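Review bot: The failure path after server_open("UDPRELAY",lhost,lport,-1) still assumes the only cause is running out of sockets, which no longer holds once lhost/lport come from SRCIF. If the configured source address or a fixed lport cannot be bound, every new client pushes out the longest-idle association through delUA() and the retry with the same lhost/lport fails the same way. Suggest logging lhost and lport when server_open() fails and evicting only when no SRCIF binding was requested. Separately, the return value of SRCIFfor() is ignored and lhost[256] is passed without its size; worth checking both against what SRCIFfor() can write.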
***************
*** 299,305 ****
  			}
  			ua = findUAbysrc(uassocv,ihost,iport,svhost,svport);
  			if( ua == NULL ){
! 				ua = newUA(uassocv,ihost,iport,svhost,svport);
  				if( ua == NULL ){
  					continue;
  				}
--- 308,314 ----
  			}
  			ua = findUAbysrc(uassocv,ihost,iport,svhost,svport);
  			if( ua == NULL ){
! 				ua = newUA(Conn,uassocv,ihost,iport,svhost,svport);
  				if( ua == NULL ){
  					continue;
  				}
