Need help with network aliases and firewall (FC4)

Marko Vojinovic vvmarko at panet.co.yu
Thu Aug 24 18:13:13 UTC 2006


On Wednesday 23 August 2006 17:09, Marko Vojinovic wrote:
> Short version:
>
> My eth2 device is supposed to listen to two different IP addresses, so I
> created an alias, eth2:1. However, I cannot communicate to it unless the
> firewall is down. As for the firewall, I am not so comfortable with
> iptables, so I use firestarter as a gui to it. But there is no (obvious)
> way to configure it for eth2:1...
>
> So, how are ethernet aliases implemented in general and what is their
> interaction with iptables like? I need to have the working eth2:1 with
> firewall being up, how? :-(

I give up. It seems there is no way to make firestarter work with aliases. It 
requires exactly one 'internet' device and one 'local' device. It is possible 
to make eth2:1 work by manually inserting a couple of rules in iptables, but 
they eventually get overwritten the next time firestarter is started. In 
principle, I could make a cron job check iptables periodically and insert the 
rules if necessary, but that would be too ugly a hack.

Ping works because iptables are set to be transparent to ICMP packets.

At this point half of the configuration I made on the machine is useless since 
httpd, dhcpd and named are not able to go through the eth2:1 device, and I 
need to rethink the design of the whole thing.

Or give up firestarter, master iptables skills and tweak them manually every 
time (which is equally painful)...

Oh, well... :-(

Best regards,
Marko
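
An added example, not part of the original post: netfilter matches `-i` against real device names, and eth2:1 is only a label on a second address of eth2, so a rule for the alias has to name the parent device and select the alias by destination address. The sketch below prints such rules instead of applying them; the address 192.0.2.10, the service list and the function names are constructed, and it assumes the OUTPUT chain already lets replies out.

```shell
#!/bin/sh
# Added example: build INPUT rules for services bound to an alias address.
# The rules are printed, not applied, so they can be reviewed first.

# Strip the alias label: "eth2:1" -> "eth2" (a plain device name is unchanged).
parent_if() {
    printf '%s\n' "${1%%:*}"
}

# alias_rules ALIAS_IF ALIAS_IP PROTO/PORT...
# Emits one ACCEPT rule per service, matched on parent device + alias address.
alias_rules() {
    alias_if=$1
    alias_ip=$2
    shift 2
    dev=$(parent_if "$alias_if")
    for svc in "$@"; do
        proto=${svc%%/*}
        port=${svc##*/}
        # Reject anything that is not tcp|udp with a numeric port.
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in '$svc'" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "bad port in '$svc'" >&2; return 1 ;;
        esac
        printf 'iptables -I INPUT -i %s -d %s -p %s --dport %s -j ACCEPT\n' \
            "$dev" "$alias_ip" "$proto" "$port"
    done
}

# Constructed sample: httpd and named on the alias address.
# DHCP is left out: client requests are broadcast, not sent to the alias IP,
# so a -d match on the alias address would not select them.
alias_rules eth2:1 192.0.2.10 tcp/80 udp/53 tcp/53
```
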



