4.6. Source Address Selection

The selection of the correct source address is key to correct communication between hosts with multiple IP addresses. If a host chooses an address from a private network to communicate with a public Internet host, it is likely that the return half of the communication will never arrive.

The initial source address for an outbound packet is chosen according to the following series of rules. The application can request a particular IP [20]; the kernel will use the src hint from the chosen route path [21]; or, lacking this hint, the kernel will choose the first address configured on the interface which falls in the same network as the destination address or the nexthop router.

The following list recapitulates the manner by which the kernel determines the source address of an outbound packet.

Also refer to this excerpt from the iproute2 command reference.
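The rule series above, written as a small Python model (an added example, not code from this guide or from the kernel). The function names, the interface address list and the addresses are constructed for illustration; 198.51.100.7 and the 203.0.113.0/24 network are documentation ranges standing in for public addresses, and the return-path check assumes no NAT in the path.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def select_source(dest, iface_addrs, bound=None, route_src=None, nexthop=None):
    """Model of the three rules in this section (hypothetical helper).
    iface_addrs lists the outbound interface's addresses in configured order.
    Returns (address, rule); address is None if no rule described here matches."""
    # Rule 1: the application requested a particular address with bind().
    if bound is not None:
        return ipaddress.ip_address(bound), "bind"
    # Rule 2: the route already selected carries a src hint.
    if route_src is not None:
        return ipaddress.ip_address(route_src), "route-src"
    # Rule 3: first configured address whose network contains the
    # destination or the nexthop router.
    targets = [ipaddress.ip_address(t) for t in (dest, nexthop) if t]
    for cidr in iface_addrs:
        iface = ipaddress.ip_interface(cidr)
        if any(t in iface.network for t in targets):
            return iface.ip, "same-network"
    return None, "unspecified"  # this section gives no further rule

def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def return_path_risk(src, dest):
    """True for the failure case from the opening paragraph: a private
    source paired with a public destination (no NAT assumed)."""
    return src is not None and is_rfc1918(src) and not is_rfc1918(dest)

if __name__ == "__main__":
    # Constructed multi-address host: private address configured first.
    addrs = ["192.168.1.10/24", "203.0.113.5/24"]
    dest = "198.51.100.7"
    cases = [
        dict(nexthop="192.168.1.1"),                          # rule 3 only
        dict(nexthop="192.168.1.1", route_src="203.0.113.5"), # src hint wins
        dict(nexthop="203.0.113.1"),                          # rule 3, public side
    ]
    for kw in cases:
        src, rule = select_source(dest, addrs, **kw)
        print(kw, "->", src, rule, "risk" if return_path_risk(src, dest) else "ok")
```

The first case shows how a multi-address host can end up sending from its private address when the route has no src hint; adding the hint to the route, or binding in the application, changes the result without touching the address configuration.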

[20] Many networking applications accept a command line option to prefer a particular source address. The call to select a particular IP is known as bind(), so the command line option frequently contains the word bind, e.g., --bind-address. Examples of command line tools allowing specification of the source address are nc -s $BINDADDR $DEST $PORT or socat - TCP4:$REMOTEHOST:$REMOTEPORT,bind=$BINDADDR.

[21] In this case, the route has already been selected (see Section 4.5, “Route Selection”) and the chosen route entry includes a hint for the preferred source address on outbound packets specifically for this purpose. For examples of configuring the routing tables to include this parameter, see Example D.19, “Using src in a routing command with route add”.