Need help with network aliases and firewall (FC4)
Mike Wright
xktnniuymlla at mailinator.com
Thu Aug 24 21:59:17 UTC 2006
Marko Vojinovic wrote:
> On Wednesday 23 August 2006 17:09, Marko Vojinovic wrote:
>
>>Short version:
>>
>>My eth2 device is supposed to listen to two different IP addresses, so I
>>created an alias, eth2:1.
From what I can figure, and I could be quite wrong, using alias devices
is deprecated. I've been using /sbin/ip a lot to configure devices and
routes.
Here's a made up example that you may be able to use as a base for what
you are trying to do.
/sbin/ip address add 10.0.0.1/24 dev eth1
/sbin/ip address add 10.0.0.2/24 dev eth1
/sbin/ip link set dev eth1 up
# eth1 now has 2 IPs and is up. You can check that with either ifconfig
# or with /sbin/ip link list -or- /sbin/ip address list
# if you need you can specify that all traffic for that subnet be routed
# through that device
/sbin/ip route add 10.0.0.0/24 dev eth1
# or that it be your default route
/sbin/ip route add default via 10.0.0.1 dev eth1   # (or via 10.0.0.2)
/sbin/ip is very powerful. I highly recommend it to anyone doing
anything at all with networks.
Hope that helps,
Mike Wright
>>However, I cannot communicate to it unless the
>>firewall is down. As for the firewall, I am not so comfortable with
>>iptables, so I use firestarter as a gui to it. But there is no (obvious)
>>way to configure it for eth2:1...
>>
>>So, how are ethernet aliases implemented in general and what is their
>>interaction with iptables like? I need to have the working eth2:1 with
>>firewall being up, how? :-(
>
>
> I give up. It seems there is no way to make firestarter work with aliases. It
> requires exactly one 'internet' device and one 'local' device. It is possible
> to make eth2:1 work by manually inserting a couple of rules in iptables, but
> they eventually get overwritten the next time firestarter is started. In
> principle, I could make a cron job check iptables periodically and insert the
> rules if necessary, but that would be too ugly a hack.
>
> Ping works because iptables are set to be transparent to icmp packets.
>
> At this point half of the configuration I made on the machine is useless since
> httpd, dhcpd and named are not able to go through the eth2:1 device, and I
> need to rethink the design of the whole thing.
>
> Or give up firestarter, master iptables skills and tweak them manually every
> time (which is equally painful)...
>
> Oh, well... :-(
>
> Best regards,
> Mark
>