09-08-2015 05:18 AM
Is it possible to bind Steward to a specific IP? The question arose after we realised that, in one deployment, the host with Steward, which has several IPs from the same network, was sending Steward responses from a different IP from time to time, which was not good from the firewall standpoint. Can it be configured to use a specific outgoing IP, or does it use bind() to 0.0.0.0, and firewalls should be configured to expect connections from all available IPs? I suspect the latter but just wanted to re-confirm. Documentation for Steward is quite thin and does not go that deep, unfortunately.
09-08-2015 06:36 AM
You are right. The Steward response will be sent from any of the IPs on the host, based on the host route table.
Can you try setting host-based routes on the Steward, so that it uses a specific source IP? I am not sure if this will work, but it is worth a try.
09-08-2015 05:53 PM
Thanks for the confirmation. To my knowledge, AIX can't do source-based routing in its packet filter. Linux can, but it does not seem to be an option here.