I've two ADSL connections. One has a static IP (85.90.198.1), another has a dynamic IP (currently 91.124.210.213). I've configured a default route to both ADSL connections simultaneously using the iproute2 tool, to have an internet connection even if one ADSL is down. But for things like outgoing SSH and SMTP connections I've configured routing using the ADSL with the static IP. This is done using FwMark for packets to tcp ports 22 & 25 at the iptables mangle OUTPUT chain, and then using 'ip rule' to route packets with that FwMark.

While testing this configuration I've found netstat incorrectly shows the source IP for my outgoing connection to 69.93.246.50:25 - it shows my dynamic IP. But I've used Wireshark, and it shows my static IP in these tcp packets instead. Also I've checked netstat output on the target server, and it also shows my static IP.

Here is the output of my local netstat:

tcp 0 0 91.124.210.213:41862 69.93.246.50:25 ESTABLISHED 4522/telnet

and here is the output of the remote netstat (running on 69.93.246.50):

tcp 0 0 69.93.246.50:25 85.90.198.1:41862 ESTABLISHED 9531/qmail-smtpd

I'm using an up-to-date x86 system:

[ebuild R ] sys-apps/net-tools-1.60-r13 USE="nls -static" 0 kB

Reproducible: Always

Portage 2.1.3.9 (hardened/x86/2.6, gcc-3.4.6, glibc-2.5-r4, 2.6.20-hardened-r6 i686)
=================================================================
System uname: 2.6.20-hardened-r6 i686 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Timestamp of tree: Wed, 26 Sep 2007 22:00:01 +0000
app-shells/bash: 3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python: 2.3.5-r3, 2.4.4-r5
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.61-r1
sys-devel/automake: 1.4_p6, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils: 2.17-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool: 1.5.24
virtual/os-headers: 2.6.17-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium-m -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /service /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=pentium-m -O2 -pipe"
DISTDIR="/usr/portage-distfiles"
FEATURES="distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://ftp.uoi.gr/mirror/OS/gentoo/ http://ftp.lug.ro/gentoo/ http://mirror.qubenet.net/mirror/gentoo/"
LANG="ru_RU.KOI8-R"
LINGUAS="en ru"
MAKEOPTS="-j3"
PKGDIR="/usr/portage-packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/musicbrainz /usr/portage/local/layman/berkano /usr/portage/local/layman/vmware /usr/local/portage /usr/local/portage-power /usr/local/portage-rusxmms"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X Xaw3d aac acpi aim alsa apache2 arts asf avi bash-completion berkdb bitmap-fonts bzip2 cdr cracklib crypt cscope curl dbus dga divx4linux dlloader dri dts dvd dvdr dvdread encode ffmpeg flac flash gd gdbm gif gnutls gpgme gtk gtk2 hardened icq idn imagemagick imap imlib irc jabber javascript jpeg kdeenablefinal lirc lm_sensors lzo mad mailbox mbox midi mmx mng motif mp3 mpeg msn mysql ncurses nls nptl nptlonly ogg opengl oss pam pcre perl pic png pwdb qt quicktime rcc readline real rss rtc samba sdl slang spell sse sse2 ssl ssse3 svg sysfs tcltk tcpd tiff truetype truetype-fonts type1-fonts urandom vim-pager vim-with-x vorbis win32codecs x86 xinetd xorg xv xvid yahoo zlib"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol"
ELIBC="glibc"
INPUT_DEVICES="keyboard mouse"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LINGUAS="en ru"
LIRC_DEVICES="serial"
USERLAND="GNU"
VIDEO_CARDS="vesa fbdev nv"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
I doubt this is netstat screwing it up, since netstat merely opens /proc/net/tcp and changes it to something more human-readable. I imagine if you review /proc/net/tcp yourself, you'd see the same discrepancies.
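One way to review /proc/net/tcp directly, as comment #1 suggests, is to decode its hex address fields and compare the local address the kernel records with what a packet capture shows. This is an added example, not part of the original thread; the function names are hypothetical, and the sample rows are constructed from the addresses in the report, assuming IPv4 and a little-endian (x86) host.

```python
import socket

# State codes printed in the "st" column of /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
    "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
    "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
    "0A": "LISTEN", "0B": "CLOSING",
}

def decode_endpoint(field, byteorder="little"):
    """Decode an 'ADDR:PORT' field, e.g. 'D5D27C5B:A386'.

    The address is the 32-bit network-order value printed as a host-order
    integer, so on x86 the bytes appear reversed; the port is plain hex.
    """
    addr_hex, port_hex = field.split(":")
    raw = int(addr_hex, 16).to_bytes(4, byteorder)
    return socket.inet_ntoa(raw), int(port_hex, 16)

def parse_proc_net_tcp(text, byteorder="little"):
    """Return one dict per socket row; the first line is the column header."""
    rows = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or truncated lines
        rows.append({
            "local": decode_endpoint(fields[1], byteorder),
            "remote": decode_endpoint(fields[2], byteorder),
            "state": TCP_STATES.get(fields[3], fields[3]),
        })
    return rows

def local_addresses_for(rows, remote_ip, remote_port):
    """Local endpoints the kernel records for sockets to a given peer."""
    return [r["local"] for r in rows if r["remote"] == (remote_ip, remote_port)]

# Constructed sample (not captured output): an SMTP listener plus the
# connection from the report as the local netstat displayed it.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: D5D27C5B:A386 32F65D45:0019 01 00000000:00000000 00:00000000 00000000  1000        0 1002 1
"""

if __name__ == "__main__":
    # On a live system, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for row in parse_proc_net_tcp(SAMPLE):
        print("%s:%d -> %s:%d %s" % (row["local"] + row["remote"] + (row["state"],)))
```

If the decoded local address matches what netstat prints, the value comes from the kernel's socket table rather than from netstat's formatting.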
So (as asked in comment #1) is it only netstat that shows you this incorrect source IP address, or do other tools give the same result? Are you able to reproduce this with the latest development kernel (2.6.23-rc9 as of this writing)? Please post your kernel .config and dmesg output.
Please reopen if/when you can provide the info requested in comment #2.