On 27.02.2009, at 21:01, koettermarkus_at_gmx.de wrote:

> Do you really download content as root user?

Yes, the system is an embedded system and there is basically only one
user (well, there are a couple more but those are used as needed to
drop rights for some servies).

> Can you describe how to verify SO_BINDTODEVICE behaviour, your
> special network setup which requires binding the device?, I'd be
> glad to verify it myself.

Basically you have several routing instances on a system, this could
be several NICs, ATM channels or VLANs (the latter two in our case).

One of them resembles a default route and has a MASQUERADE iptables
rule attached to it that is also used to provide internet to several
LAN interfaces.

The other(s) are just NICs configured with private addresses but without
route on the system. SO_BINDTODEVICE is then used to nail particular
services
like VoIP, TR-069 or Software downloads to those interfaces.

This way a seperation of private and public ISP networks can be reached.

Servus,
       Daniel
Received on 2009-02-27