Need help with network aliases and firewall (FC4)

Mike Wright xktnniuymlla at mailinator.com
Thu Aug 24 21:59:17 UTC 2006


Marko Vojinovic wrote:
> On Wednesday 23 August 2006 17:09, Marko Vojinovic wrote:
> 
>>Short version:
>>
>>My eth2 device is supposed to listen to two different IP addresses, so I
>>created an alias, eth2:1. 

From what I can figure, and I could be quite wrong, using alias devices 
is deprecated.  I've been using /sbin/ip a lot to configure devices and 
routes.

Here's a made up example that you may be able to use as a base for what 
you are trying to do.

/sbin/ip address add 10.0.0.1/24 dev eth1
/sbin/ip address add 10.0.0.2/24 dev eth1
/sbin/ip link set dev eth1 up

# eth1 now has 2 IPs and is up.  You can check that with either ifconfig
#  or with /sbin/ip link list -or- /sbin/ip address list

# if you need you can specify that all traffic for that subnet be routed
#  through that device

/sbin/ip route add 10.0.0.0/24 dev eth1

# or that it be your default route

/sbin/ip route add default via 10.0.0.1 dev eth1    # or via 10.0.0.2

/sbin/ip is very powerful.  I highly recommend it to anyone doing 
anything at all with networks.

Hope that helps,
Mike Wright

>>However, I cannot communicate to it unless the
>>firewall is down. As for the firewall, I am not so comfortable with
>>iptables, so I use firestarter as a gui to it. But there is no (obvious)
>>way to configure it for eth2:1...
>>
>>So, how are ethernet aliases implemented in general and what is their
>>interaction with iptables like? I need to have the working eth2:1 with
>>firewall being up, how? :-(
> 
> 
> I give up. It seems there is no way to make firestarter work with aliases. It 
> requires exactly one 'internet' device and one 'local' device. It is possible 
> to make eth2:1 work by manually inserting a couple of rules in iptables, but 
> they eventually get overwritten the next time firestarter is started. In 
> principle, I could make a cron job check iptables periodically and insert the 
> rules if necessary, but that would be too ugly a hack.
> 
> Ping works because iptables are set to be transparent to icmp packets.
> 
> At this point half of the configuration I made on the machine is useless since 
> httpd, dhcpd and named are not able to go through the eth2:1 device, and I 
> need to rethink the design of the whole thing.
> 
> Or give up firestarter, master iptables skills and tweak them manually every 
> time (which is equally painful)...
> 
> Oh, well... :-(
> 
> Best regards,
> Mark
> 
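The following script is an added example and is not code from either poster. It puts the two points of the thread together: a second address on one interface is configured with iproute2 rather than an eth2:1 alias, and the firewall rules for that address match on the address itself (-d) with the real interface (-i eth2), because netfilter never sees alias names like eth2:1. The interface name, the 192.0.2.x addresses and the service ports (httpd on 80, named on 53) are constructed values for the example; by default the script only prints the commands it would run, so it can be reviewed without root.

```shell
#!/bin/sh
# Added example, not from the original thread: give one interface a second
# address with iproute2 and write iptables rules that select that address.
# Assumed values (constructed for this example): interface eth2, addresses
# 192.0.2.10/24 and 192.0.2.11/24, httpd on TCP 80 and named on 53.
# Usage: sh alias-fw.sh        -> print the commands (dry run, no root needed)
#        sh alias-fw.sh apply  -> execute them (needs root)
IFACE="${IFACE:-eth2}"
PRIMARY="${PRIMARY:-192.0.2.10/24}"
SECONDARY="${SECONDARY:-192.0.2.11/24}"
IP=/sbin/ip
IPT=/sbin/iptables
DRY_RUN=1
[ "${1:-}" = "apply" ] && DRY_RUN=0

# run: execute the command, or only print it when DRY_RUN=1 so the
# generated commands can be checked before they touch the kernel.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# addr_only: strip the prefix length, 192.0.2.11/24 -> 192.0.2.11
addr_only() {
    printf '%s\n' "${1%%/*}"
}

# Two addresses on one real interface. The label keeps the familiar
# "eth2:1" name visible in ifconfig output for tools that still expect it;
# to the kernel and to netfilter it is simply a second address on eth2.
setup_addresses() {
    run "$IP" address add "$PRIMARY" dev "$IFACE" label "$IFACE"
    run "$IP" address add "$SECONDARY" dev "$IFACE" label "$IFACE:1"
    run "$IP" link set dev "$IFACE" up
}

# Rules for the secondary address: -i names the real interface and -d the
# address, which is the combination an alias-oriented GUI cannot express.
# Only the listed services are reachable on that address; the rest is dropped.
firewall_rules() {
    sec=$(addr_only "$SECONDARY")
    # replies to connections this host opened itself
    run "$IPT" -A INPUT -i "$IFACE" -d "$sec" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run "$IPT" -A INPUT -i "$IFACE" -d "$sec" -p tcp --dport 80 -j ACCEPT
    run "$IPT" -A INPUT -i "$IFACE" -d "$sec" -p udp --dport 53 -j ACCEPT
    run "$IPT" -A INPUT -i "$IFACE" -d "$sec" -p tcp --dport 53 -j ACCEPT
    # everything else addressed to the secondary IP is dropped
    run "$IPT" -A INPUT -i "$IFACE" -d "$sec" -j DROP
}

setup_addresses
firewall_rules
```

Two caveats apply to this approach. dhcpd is not covered by address-scoped rules at all: DHCP discover packets are sent to the broadcast address on UDP port 67, so a rule with -d 192.0.2.11 never matches them and a separate broadcast rule on the interface is needed. And, as the thread describes, a front end that rewrites the whole rule set when it starts will discard these rules, so they have to be re-applied after it runs (for example from its own user-script hook or from the interface's ifup scripts) rather than added once by hand. The -m state match is the form available on a system of that era; current iptables prefers -m conntrack --ctstate with the same meaning.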




More information about the fedora-list mailing list