Need help with network aliases and firewall (FC4)

Marko Vojinovic vvmarko at panet.co.yu
Wed Aug 23 15:09:02 UTC 2006


Short version:

My eth2 device is supposed to listen on two different IP addresses, so I created an alias, eth2:1. However, I cannot communicate with it unless the firewall is down. As for the firewall, I am not so comfortable with iptables, so I use firestarter as a GUI for it. But there is no (obvious) way to configure it for eth2:1...

So, how are ethernet aliases implemented in general, and what is their interaction with iptables like? I need to have a working eth2:1 with the firewall up. How? :-(

Long version:

This host has three ethernet cards, eth0, 1 and 2. The 0 device is unplugged and used only as a backup. eth1 is connected to the router and is not relevant for this story. The eth2 device is connected to the LAN, and I want it to respond to both the 10.0.0.1 and 10.1.0.1 addresses. So I assigned the first to eth2, and then created an alias using the system-config-network GUI and configured it for the second address (btw, is the gateway setting important for it?). All devices (lo, eth1, eth2, eth2:1, and several vmnet* from vmware) are active, cleanly reported via ifconfig, and I *can* ping them, both locally and remotely. All seems ok.

But now the problem: I have httpd (several virtual hosts, IP-aware) and dhcpd listening on eth1, eth2 and eth2:1, but they do not respond on eth2:1.
I also have named listening (only) on eth2:1, and it also does not respond (used dig to test it). Repeat, I **can** ping eth2:1, which seems a little odd, since nothing else works.

This is the situation with the firewall turned on. If I turn it off, everything (httpd, dhcpd and named) starts working as expected. But the host is also the firewall server, so it is supposed to be on.

As for the firewall configuration, it is rather customized -- I have many rules configured, NAT on eth2 and all... Since I am not comfortable with iptables (and since the configuration is to be tweaked on a daily basis, don't ask me why...), I used firestarter to set it up, and so far it has done a very good job, setting up everything with a couple of clicks, and it is perfect for the daily tweaking job.

But firestarter does not see the eth2:1 device, only eth2 (and the others), and I don't know how to configure it. Also, eth2:1 is not visible in the system-config-services GUI (when I click on "network", the status window says that lo, eth1 and eth2 are configured, while lo, eth1, eth2, vmnet1 and vmnet8 are active --- no mention of eth2:1, while vmnet* are not configured but are active... :-) ...).

So what is the story here, and how do I make it work?

Sorry for not posting "iptables -n -L", I am at home writing this, but if needed, I will get it tomorrow.

Any advice appreciated, including pointers to FMs, as long as they are short enough to read & understand in an hour's time...

Best regards, :-)
Marko

P. S. And WHY DOES PING WORK WHILE NOTHING ELSE WORKS???!!! How does it circumvent the firewall settings (not that it is set to block it, though...)?

  :-@
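An added example, not part of the original post, for the alias question above. On Linux an alias such as eth2:1 is not a separate network device: it is a second IPv4 address on eth2 that carries the label "eth2:1". ifconfig shows it as a pseudo-interface, while "ip addr show eth2" shows what the kernel actually has. Netfilter only ever sees the real device, so a rule with "-i eth2:1" does not match the alias traffic; a rule that is meant to open a service on the alias address has to match the destination address, "-d 10.1.0.1". The script below parses a constructed "ip -4 addr show dev eth2" listing (sample text, not output from the poster's machine), emits per-address ACCEPT rules for a list of ports, and flags any rule that tries to use an alias name as an interface. It only prints the rules, it does not apply them. What firestarter actually generated is an assumption here, since the poster did not include "iptables -n -L"; whether ICMP echo is accepted is decided by separate rules, which is one plausible reason ping is answered while the TCP/UDP services are not, but confirming that needs the real rule listing.

```shell
#!/bin/sh
# Constructed sample of `ip -4 addr show dev eth2` on a host with one alias.
# This is example input, not output from the original poster's machine.
SAMPLE_IP_ADDR='3: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth2
    inet 10.1.0.1/24 brd 10.1.0.255 scope global secondary eth2:1'

# Print every IPv4 address carried by the real interface, one per line,
# prefix length stripped. The alias name (eth2:1) is only a label on the
# secondary address; there is still a single kernel device, eth2.
alias_addrs() {
    printf '%s\n' "$1" | awk '$1 == "inet" { sub("/.*", "", $2); print $2 }'
}

# Emit iptables INPUT rules accepting the given proto/port pairs on every
# address of the interface. Rules match on the destination address (-d),
# never on the alias name, because netfilter never sees "eth2:1".
#   usage: alias_rules eth2 "$addrs" tcp/80 udp/53 udp/67
alias_rules() {
    iface=$1
    addrs=$2
    shift 2
    for a in $addrs; do
        for spec in "$@"; do
            proto=${spec%/*}
            port=${spec#*/}
            printf 'iptables -A INPUT -i %s -d %s -p %s --dport %s -j ACCEPT\n' \
                "$iface" "$a" "$proto" "$port"
        done
    done
}

# Return 1 if any rule tries to match an alias as an interface
# (e.g. "-i eth2:1"); such a rule does not match the alias traffic and
# iptables warns about the ':' in the interface name. Return 0 otherwise.
check_rules() {
    if printf '%s\n' "$1" | grep -q -- '-[io] [A-Za-z0-9]*:[0-9]'; then
        return 1
    fi
    return 0
}

# Demo run on the constructed sample: print the rules for http, dns and
# dhcp on both addresses of eth2. Nothing is applied; copy the lines into
# a root shell (or a firestarter user-pre script) to use them.
ADDRS=$(alias_addrs "$SAMPLE_IP_ADDR")
alias_rules eth2 "$ADDRS" tcp/80 udp/53 udp/67
```

To compare with what is really installed, "iptables -n -v -L INPUT" lists the destination column for each rule, so a rule set that only accepts traffic for 10.0.0.1 (or only for the 10.0.0.0/24 subnet) is visible there immediately; the same listing shows whether ICMP is accepted by a rule that ignores the destination address.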
