9.7. Binding to Non-local Addresses
FIXME!! Don't forget to note that iproute2 NAT and binding to
non-local IPs do not play well together. I disagree with
this.
Binding to a non-local socket, which was possible under
kernel 2.2 when the kernel was compiled with
CONFIG_IP_TRANSPROXY, is available under kernel 2.4 via the
/proc IP sysctl interface. If you wish to be
able to bind to non-local sockets:
# echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
Thanks go to Oskar Andreasson for his IP sysctl tutorial page.
If using sysctl to allow binding to non-local IP doesn't solve
your problem, then see if netfilter NAT can be used to solve
this class of problem.
Some people view the technique of binding to non-local IPs as
spoofing, and indeed, it can be used for nefarious purposes, if an
attacker controls a machine on the route between a target and a
victim.
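
Because the setting carries that risk, it is worth knowing which hosts have it switched on. The script below is an added example, not part of the original guide: it reports the running kernel's value of ip_nonlocal_bind and lists any sysctl configuration file that sets it at boot. The function names and the default file locations are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit net.ipv4.ip_nonlocal_bind, runtime and persistent.
# Paths are arguments so a copy of another host's files can be checked;
# the defaults below are the usual Linux locations (assumption).

# Print "enabled", "disabled" or "unknown" for the running kernel's value.
nonlocal_bind_runtime() {
    f="${1:-/proc/sys/net/ipv4/ip_nonlocal_bind}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(tr -d ' \t\r\n' < "$f")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Print "file:value" for each persistent setting of the key in the given
# sysctl configuration files. sysctl accepts "net.ipv4.x" and "net/ipv4/x",
# comment lines start with # or ;, and a leading "-" means "ignore errors".
nonlocal_bind_persistent() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*[#;]/ { next }
            {
                line = $0
                gsub(/[ \t\r]/, "", line)
                n = index(line, "=")
                if (n == 0) next
                key = substr(line, 1, n - 1)
                gsub("/", ".", key)
                sub(/^-/, "", key)
                if (key == "net.ipv4.ip_nonlocal_bind")
                    print file ":" substr(line, n + 1)
            }' "$f"
    done
}

# Report on the local host.
echo "runtime: $(nonlocal_bind_runtime)"
nonlocal_bind_persistent /etc/sysctl.conf /etc/sysctl.d/*.conf
```

A value written with echo into /proc lasts only until reboot, so a host can show "enabled" at runtime with no persistent entry, or the reverse.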